Ubisoft Just Mitigated A Massive 900 GB Hack Attempt

On December 20, Ubisoft faced a potential security breach with hackers targeting around 900 GB of data, as reported by VX Underground on X. According to BleepingComputer, Ubisoft said that they are investigating the alleged data security breach after screenshots were leaked of what appeared to be internal services and tools of the company. This marks the third data breach attempt in three years, leaving Ubisoft in a tough spot. 

December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked.

They aimed to exfiltrate roughly 900gb of data but lost access.

— vx-underground (@vxunderground) December 22, 2023

It seems that the hackers had access to the SharePoint Server, MongoDB Atlas Panel, and Confluence as Microsoft Teams for around 48 hours. After that, the administration realized the situation and banned access, managing to save the data from being leaked. According to VX underground, the unknown hackers were aiming to breach around 900GB of data before authorities revoked the access. The incident happened just days after Insomniac Games fell victim to a massive data breach.

Although, the threat was taken care of in a timely manner, it has still raised alarms as Ubisoft continues to work on a Star Wars game as well as multiple Assassin’s Creed titles, making it a big target for hackers. Ubisoft was previously attacked by a ransomware gang in 2020, and a second breach occurred in 2022. 

While it is truly commendable of the team to act quickly, Ubisoft should amp up its security, given the recent ransomware attacks and security breaches, if it wants to avoid a major compromising leak such as Insomniac’s.