Ubisoft says it's investigating reports of a new security breach

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online.

Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora.

Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.

"We are aware of an alleged data security incident and are currently investigating. We don't have more to share at this time," Ubisoft said in a statement to BleepingComputer.

In a tweet, vx-underground says that an unknown threat actor told them that they breached Ubisoft on December 20th. Once inside the company’s systems, they said they planned to exfiltrate around 900GB of data.

As part of this alleged breach, the threat actor claimed they gained access to the Ubisoft SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel, sharing screenshots of their access to some of these services.

MongoDB Atlas recently disclosed a breach, but based on their disclosure, it does not appear that this incident is related.

The threat actors told vx-underground that they attempted to steal data Rainbow 6 Siege user data but were detected and lost access before they could do so.

Ubisoft was previously breached by the Egregor ransomware gang in 2020, who released portions of the Ubisoft Watch Dogs game's source code. The company suffered a second breach in 2022 that disrupted its games, systems, and services.

Do you have information about this or another attack? If you want to share the information, you can contact us securely and confidentially on Signal at +1 (646) 961-3731 or by using our tips form.