Ubisoft Entertainment SA has confirmed an attempt to steal 900GB of data from its infrastructure and is investigating the perpetrators.
An unknown actor accessed internal tools from Ubisoft on December 20th, reviewing users’ access rights on Microsoft Teams, Confluence, and SharePoint. Fortunately, Ubisoft managed to revoke the access after a period of 48 hours.
Ubisoft is one of the largest developers and publishers in the industry, known for incredible franchises like Assassin’s Creed, Far Cry, and Tom Clancy’s.
The latest cybersecurity threat to Ubisoft occurred merely a year after the company was compelled to reset passwords due to cyber attacks linked to Lapsus$, the same group behind the GTA 6 leaks.
VX-Underground, an online malware repository, posted about the incident on X, explaining the situation.
Furthermore, the researchers shared screenshots regarding Ubisoft’s internal services. It remains unclear whether the hackers managed to successfully retrieve any information before Ubisoft was able to revoke access.
Rumors suspect that the attackers were trying to go after user data for Rainbow Six: Siege but failed. The company remains “aware” of the incident but has yet to share additional information.
This attack represents the second major data breach targeting a AAA video game company this month. Insomniac Games, the developer behind Spyro the Dragon, Ratchet & Clank, and Spider-Man, lost about 1.67TB in data regarding the studio’s plans going into the next decade.