Game studio Ubisoft examines claims of data security incident

Video game giant Ubisoft said it is investigating claims that hackers infiltrated its systems this week and attempted to steal data.

A spokesperson for the French company told Recorded Future News that Ubisoft officials were “aware of an alleged data security incident and are currently investigating.”

“We don’t have more to share at this time,” they added.

The claims came in a series of social media posts from vx-underground, which runs the largest collection of malware source code, samples and papers on the internet. The account has become well known for its contacts with hackers and ransomware gangs, and it often shares information relayed from threat actors.

On Thursday night, hackers told vx-underground that they allegedly had access to Ubisoft systems and accounts for “roughly 48 hours” until the company realized something was wrong and revoked their access.

“They aimed to exfiltrate roughly 900gb of data but lost access,” the vx-underground account explained.

“The Threat Actor would not share how they got initial access. Upon entry they audited the users' access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint.”

The vx-underground account shared alleged screenshots, provided by the hackers, of Microsoft Teams accounts and other points of access.

The video game publisher — best known for games like Assassin's Creed, Far Cry and Prince of Persia — was previously attacked by the Egregor ransomware gang in 2020. The group leaked the source code of a popular game.

The company also confirmed in 2021 that a misconfiguration in its IT infrastructure exposed gamer data for players of its Just Dance video game series.

If confirmed, the incident would be the latest in a series of headline-grabbing attacks on the biggest gaming studios.

On Thursday, a U.K. court sentenced Arion Kurtaj to an indefinite hospital order following his role in several attacks on large companies — the most prominent of which involved Rockstar Games, the developer of Grand Theft Auto.

Kurtaj will remain in a secure hospital for life or until doctors think he is no longer a danger to society, with Judge Patricia Lees in Southwark Crown Court saying he remained “determined to commit further serious offences if the opportunity arose.”

Less than two weeks ago, Sony began an investigation into reports of a ransomware attack on its subsidiary Insomniac Games, the studio behind popular titles like Spider-Man, Spyro the Dragon and more.

Other gaming giants like Electronic Arts, Activision Blizzard, Bandai Namco, Capcom, CD Projekt Red and Riot Games have each dealt with cybersecurity incidents over the last three years.