The French video game publisher, Ubisoft, is known for popular games like Assassin’s Creed, FarCry, Tom Clancy’s Rainbow Six Siege, and the recently released Avatar: Frontiers of Pandora. Ubisoft told BleepingComputer that they are looking into an alleged data security incident after security research collective VX-Underground shared screenshots of what appear to be the company’s internal services. Ubisoft is investigating whether it suffered a breach after images of the company’s internal software and developer tools were leaked online.
Ubisoft said in a statement to BleepingComputer, “We are aware of an alleged data security incident and are currently investigating. We do not have more to share at this time.” vx-underground said in a tweet that an unidentified threat actor had hacked Ubisoft on December 20th and that once inside the company’s systems, they intended to exfiltrate about 900GB of data.
December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked.
— vx-underground (@vxunderground) December 22, 2023
They aimed to exfiltrate roughly 900gb of data but lost access.
MongoDB Atlas recently disclosed a breach, but based on their disclosure, it does not appear that this incident is related. The threat actor claimed they gained access to the Ubisoft SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel as part of this alleged breach, sharing screenshots of their access to some of these services.
The threat actors told vx-underground that they tried to steal user data from Rainbow 6 Siege but were caught and had to give up access before they could. In 2020, the Egregor ransomware gang breached Ubisoft, releasing parts of the source code for the game Watch Dogs. In 2022, the company experienced another breach that caused disruptions to its systems, games, and services.