Ubisoft’s internal services were compromised in a security breach this week when hackers attempted to steal 900GB of data, including Rainbow Six Siege user data, according to VX-Underground. Ubisoft spotted the breach 48 hours later, and was able to revoke the hackers’ access before they could successfully exfiltrate the data.
In a statement to BleepingComputer, Ubisoft said, “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time.” VX-Underground posted redacted screenshots shared by the attacker that allegedly show they accessed Microsoft Teams conversations, the Ubisoft SharePoint server, Confluence and MongoDB Atlas. “The Threat Actor would not share how they got initial access,” VX-Underground wrote in a post on X. “Upon entry they audited the users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint.”
December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked.
They aimed to exfiltrate roughly 900gb of data but lost access.
— vx-underground (@vxunderground) December 22, 2023
According to VX-Underground, the attackers’ attempt to get Rainbow Six Siege user data was unsuccessful. It’s unclear at this time if they were able to get any sensitive information before Ubisoft shut the whole thing down.