Ubisoft is one of the most popular game publishers with game studios under it. The French publisher is responsible for series like Assassin’s Creed, Tom Clancy’s Ghost Recon, Tom Clancy’s Rainbow Six, and Far Cry. The publisher is working on Star Wars Outlaws, the first ever open-world Star Wars title, and Skull and Bones, a game based on the pirate culture and setting.
Unfortunately, leaks have become increasingly familiar with time, especially in the video game industry. From the GTA 6 leaks last year to the Insomniac leaks that happened very recently, many AAA studios and publishers have fallen victim to cyberattacks by individuals with malicious intentions. Now, it has come to light that Ubisoft is the next studio to report an attempted leak from a hacker.
Ubisoft reports to BleepingComputer that it is investigating a leak
BleepingComputer revealed that the studio was alerted after screenshots of its developer tools and related software were shared by VX Underground, which is a cybersecurity research community. The attacker attempted to breach the secure system of the publisher on December 20. The French publishers also published an official statement to BleepingComputer, and it had this to say on the matter:
We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time..
A Twitter account by the name of vx-underground had this to say on their Twitter account:
December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked. They aimed to exfiltrate roughly 900gb of data but lost access.
It is worth noting that the last statement indicates that the hackers fortunately couldn’t succeed in illegally extracting data. Whether anything has been stolen from the company’s secure servers is still under investigation, but images of the company’s private portals have leaked online.
The cyber attacker who attacked the French publisher’s server tried to access its SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel. The Microsoft Teams conversation screenshot shows individuals discussing a scheduled meeting related to unknown matters. The SharePoint server, which usually serves as a platform to share and manage documents, showed some critical documents, such as files relating to the company’s information security standards.
The hacker also accessed the Atlas dashboard, a suite for the industry-leading NoSQL Database, MongoDB. Some files relating to Ubisoft’s Battle Royale title, HyperScape, were also revealed in the screenshot shared by VX Underground on their Twitter post embedded above. Files relating to other titles like Ghost Recon Breakpoint.
It is most undoubtedly scary to even imagine the repercussions that would have been if the attacker had succeeded and had illegally gained access to the studio’s confidential documents and other files. It would have been nothing short of the catastrophe at Insomniac some time ago.
The attacker also tried to use their access to obtain user data for Rainbow Six Siege players illegally, undoubtedly one of the publisher’s most popular, if not the most popular, live-service titles. Unfortunately, the French studio has had incidents of cybercrime where they have fallen victim to other such attacks.
It was previously breached in 2020, leading to the source code for Watch Dogs Legion getting partly leaked. A similar breach also occurred in 2022, leading to similar repercussions for the French game publisher. As discussed earlier, the publisher’s upcoming projects are Skull and Bones and Star Wars Outlaws. The former’s closed beta was scheduled recently in December 2023 and was also not bound under NDA, so gamers could stream their playthrough on platforms like YouTube.
Skull and Bones is all set to come out on February 16, 2024, after having been delayed six times by the studio. Since it has spent a lot of time in the pipeline, the expectations from the title are high. It is also fortunate that no footage or, worse, a dev build for the game wasn’t obtained unlawfully by the breach. All of this has happened in the past and is, by all means, catastrophic for the studio and its progress.
Follow us for more entertainment coverage on Facebook, Twitter, Instagram, and YouTube.