Ubisoft has been hit again. Just as they were attacked in 2010 by a coordinated group of attackers calling themselves Skid Row, trying to enforce vigilante justice against terms of the game-makers they disputed, another coordinated attack against the makers of Assassins Creed, Just Dance, and Tom Clancy’s The Division has compromised the e-mail addresses, encrypted passwords, and user names of game players. If you play the game, reset that password, and on any site you used the same password.
“We recently discovered that one of our Web sites was exploited to gain unauthorized access to some of our online systems,” said Ubisoft in a statement. “During this process, we learned that data had been illegally accessed from our account database.”
Or in other words, “We’ve been done.” Not that financial information was compromised – no credit cards, no bank accounts – but savvy criminals can figure out encrypted passwords, especially if they are simplistic, and with a little nefarious sleuthing, perhaps take over your identity using your user name and email address.
This is why it is wise to have a fresh password for every site you use, and computer programmers are among those who bother to make passwords using multiple cases, numbers, and other characters (ex: pA$sW@r9). The only problem with creating difficult password individually for a series of websites is how forgettable they all are, and some people resort to saving them all in a text file or on a handwritten list which could also, perhaps, be in itself stolen. An alternative it to develop a personal code such as a password substrate that gets mixed in a unique way with each site you use it on (ex: SITEONE + genericpassword = SgIeTnEeOrNiEcpassword). Of course, so long as you have the personal “rules” for password creation, you could figure out forgotten passwords relatively easily.