Ubisoft’s inner providers had been compromised in a safety breach this week when hackers tried to steal 900GB of information, together with Rainbow Six Siege person knowledge, in line with VX-Underground. Ubisoft noticed the breach 48 hours later, and was in a position to revoke the hackers’ entry earlier than they might efficiently exfiltrate the information.
In an announcement to BleepingComputer, Ubisoft mentioned, “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time.” VX-Underground posted redacted screenshots shared by the attacker that allegedly present they accessed Microsoft Groups conversations, the Ubisoft SharePoint server, Confluence and MongoDB Atlas. “The Threat Actor would not share how they got initial access,” VX-Underground wrote in a put up on X. “Upon entry they audited the users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint.”
December twentieth an unknown Menace Actor compromised Ubisoft. The person had entry for roughly 48 hours till administration realized one thing was off and entry was revoked.
They aimed to exfiltrate roughly 900gb of information however misplaced entry.
— vx-underground (@vxunderground) December 22, 2023
In response to VX-Underground, the attackers’ try and get Rainbow Six Siege person knowledge was unsuccessful. It’s unclear right now in the event that they had been in a position to get any delicate info earlier than Ubisoft shut the entire thing down.
