{"id":2687,"date":"2022-03-17T23:15:47","date_gmt":"2022-03-18T05:15:47","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2687"},"modified":"2022-03-17T23:15:50","modified_gmt":"2022-03-18T05:15:50","slug":"game-company-ubisoft-hit-with-cyber-security-incident","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/17\/game-company-ubisoft-hit-with-cyber-security-incident\/","title":{"rendered":"Game company Ubisoft hit with \u2018cyber security incident\u2019."},"content":{"rendered":"\n
\"\"
Photo by Sigmund<\/a> on Unsplash<\/a><\/figcaption><\/figure><\/div>\n\n\n\n

“Incident”<\/h3>\n\n\n\n

The French game company Ubisoft, which titles include the popular video game series Far Cry and The Prince of Persia, confirmed that it had suffered a \u2018cyber security incident\u2019 [1] that was first reported by The Verge<\/a> on March 10, and confirmed by Ubisoft on March 11 [2].<\/p>\n\n\n\n

Ubisoft is a gaming company that has been around since the late 1980\u2019s, growing to feature a collection of major video game franchises including Just Dance to a myriad of Tom Clancy and Assassin’s Creed titles [3].\u00a0\u00a0<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"
Photo by Nahel Abdul Hadi<\/a> on Unsplash<\/a><\/figcaption><\/figure><\/div>\n\n\n\n

Same actors?<\/h3>\n\n\n\n

According to the Verge, a leaked screenshot from the Telegram channel hosted by the hacker group LAPSUS$ shared the group’s reaction to the said incident\u2019s article, possibly implying their connection to the cyber attack, although neither confirming nor denying it. The official statement<\/a> from Ubisoft confirmed the incident, which they claim caused a \u201ctemporary disruption to some of our games, systems, and service,\u201d[1] yet attesting that no player information was exposed as a result, however they issued a company wide mandate requiring their employees to change their passwords.\u00a0<\/p>\n\n\n\n

LAPSUS$ has been in the news quite frequently following a string of ransomware attacks on companies such as the major chip maker NVIDIA, and tech conglomerate Samsung. Confidential information such as private source code, employee records, and personal information were stolen and then threatened with public leaking, unless certain ideological demands were met [4].\u00a0<\/p>\n\n\n\n

Thoughts<\/h3>\n\n\n\n

With little information being provided officially from Ubisoft of the actual attackers, it is only speculation at this moment as to what happened, and by whom. The company-wide password reset mandate could possibly point to a scenario where a weak and\/or duplicate password was used by an individual employee, or some sort of social engineering or phishing attempt was used to acquire login information. The fact that the LAPSUS$ group has also not claimed direct responsibility, whereas they did with the NVIDIA and Samsung ransomware attacks[4], it is possible the hackers didn\u2019t completely accomplish all they had hoped to. For example, a successful ransomware attack would be acquiring relevant enough data in order to extort the company into complying to their demands and\/or financial compensation.<\/p>\n\n\n\n

When a company is attacked, and the personal information of its company is released, there is not much one can personally do at that point. Even though customers and their data may not be the main target, rather a demand for change in company policies or practices, as was the case with the LAPSUS$ vs. NVIDIA incident, our personal information can easily become collateral damage in these situations. I believe it is best to give these companies as little personal information as possible when purchasing or using their products, which these days seems almost impossible, especially if requiring a credit card and billing address to purchase something.\u00a0<\/p>\n\n\n\n

As someone who has been a victim of a company’s customer data being leaked, I can personally attest to the insane increase in the amount of phishing emails and unauthorized login attempts to many other online services that shared the same email. It was a great reminder to never use the same password, and shows just how vulnerable we all are with giving our information to companies, knowing nothing of their security practices.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"
Photo by Towfiqu barbhuiya<\/a> on Unsplash<\/a><\/figcaption><\/figure>\n\n\n\n

Sources<\/h4>\n\n\n\n
  1. https:\/\/news.ubisoft.com\/en-gb\/article\/3tSsBh25mhHhlbGSy1xbRw\/ubisoft-cyber-security-incident-update<\/a><\/li>
  2. https:\/\/www.theverge.com\/2022\/3\/11\/22972768\/ubisoft-cyber-security-incident-hack<\/a><\/li>
  3. https:\/\/en.wikipedia.org\/wiki\/Ubisoft#Games<\/a><\/li>
  4. https:\/\/blog.checkpoint.com\/2022\/03\/07\/lapsus-ransomware-gang-uses-stolen-source-code-to-disguise-malware-files-as-trustworthy-check-point-customers-remain-protected\/<\/a><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"

    “Incident” The French game company Ubisoft, which titles include the popular video game series Far Cry and The Prince of Persia, confirmed that it had suffered a \u2018cyber security incident\u2019 [1] that was first reported by The Verge on March 10, and confirmed by Ubisoft on March 11 [2]. Ubisoft is a gaming company that … <\/p>\n

    Continue reading “Game company Ubisoft hit with \u2018cyber security incident\u2019.”<\/span><\/a><\/p>\n","protected":false},"author":309,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-2687","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Travis Hamilton","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/travis-hamilton\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/309"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2687"}],"version-history":[{"count":6,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2687\/revisions"}],"predecessor-version":[{"id":2697,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2687\/revisions\/2697"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}