Ubisoft Won't Say Why It Reset Employee Passwords After 'Cyber Incident'

Gaming giant Ubisoft has confirmed a cybersecurity incident that led to the mass-reset of company passwords, but has declined to say what the incident actually was. From a report: In a brief statement, Ubisoft said: "Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident," the statement said. The France-headquartered video game company is best known for its Assassin's Creed and Far Cry brands. According to the company's latest earnings report from October, Ubisoft had 117 million active players.

Silence about a public break-in is a bad look.

[ITRambo]

Anything could have happened. Until they clearly explained what happened, it's repercussions, and how it was and is being dealt with, no one should believe them.

Re:

[Xenx]

Is it silence? They announced it happened, they said they're investigating with external experts, and they said they forced a password change as a precaution. They also noted that there isn't currently any indication of customer information being access. It's only been a week, which isn't exactly a long time to figure out the extent of what happened.

Pretty Standard Reaction

[JourneymanMereel]

Sure, they could stand to be more forthcoming... and more information very well may come out. But this sure seems like an attempt to stir a pot. Forcing the reset of passwords is a pretty standard reaction... especially if you have any suspicion that passwords could possibly have been compromised.

Re:

[darkain]

100% this.

Its low-hanging fruit in the security response playbook. This is one of the first actions any serious org would take for any amount of data leakage. It could have been a single employee re-using a password that caused a breach, so reset EVERYONE's password with stronger policies to ensure the issue is not repeated.

TLDR: resetting passwords is a NORMAL and EXPECT response.

Seems like common sense to me

[Joreallean]

Just like if someone broke into your house, are you going to worry about whether or not the house key is stolen before calling a locksmith to change the locks?