Giant Bomb News


Everyone Should Change Their Uplay Password

Ubisoft admits to security exploit, meaning it’s time to mix up letters and numbers.

Is it time to finally invest in 1Password? Maybe so. Ubisoft has revealed new details about a recent website exploit that exposed its account database, including “user names, email addresses and encrypted passwords.”

“We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems,” said the company in a statement on its forums. “We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.”

Encrypted passwords means the passwords themselves were not exposed in their pure form, but if a particular password isn’t very strong, it wouldn’t take much trouble for it to be deciphered.

Ubisoft said payment information was not exposed, so your debit and credit card should be safe.

If your Uplay password is one shared among other web services, it’s time to change all of those, too.

Patrick Klepek on Google+
124 CommentsRefresh
Posted by rjayb89

Jesus, their site loads so slowly for me.

Posted by chikin_n_rofls


Edited by iAmJohn

These publisher-exclusive services sure are great and necessary, you guys.

Posted by jimmyfenix

i cant change my password it says cookies aren't enabled on my browser but i checked chrome and cookies are enabled :/

Posted by Spitznock


Edited by benderunit22

Thanks, François Hollande.

Posted by coaxmetal

I like lastpass better than 1password

Posted by Aviar

Yup, just got the email on this. I was thinking about starting to use Lastpass and this may finally push me to use it.

Posted by Ronald

Well, fortunately I have only used Uplay for getting in game items. Still a pain to have to change my password. Fucking hackers.

Posted by Metal_Mills

Fuck, I don't remember my pw. It could be used on any other site for all I know.

Edited by Superkenon

@rjayb89 said:

Jesus, their site loads so slowly for me.

It's not accustomed to the load of 5+ people.

Posted by Linkster7

I'm just gonna hope I don't use what ever password I use there anywhere else, and then pretend I never saw this. That'll work right?

Edited by Shevar

I find it always funny that when stuff like this happens, your payment information and credit card number always seem to be "unexposed".

Those must receive some added level of security than I guess. If that's the case, why can't they use that security to keep my password from being stolen/copied in the first place.

Edited by LibrorumProhibitorum


Posted by KarlPilkington
Edited by Tennmuerti

I've lost count of all the places that have exposed my information :/

Posted by fishmicmuffin

Well I couldn't find a way to change passwords from within the Uplay client, so dealing with their super slow website was unfortunate.

Posted by CoverlessTech

Site down? Can I just shutdown my Ubi account and purge all information?

Posted by damswedon

Hey guys who may have my password, can you tell me what my password was?

Posted by fargofallout

@iamjohn: They've certainly convinced me of their usefulness.

Posted by TheHT

God, I don't even remember what permutations of what passwords are shared between all the particular services I don't give a shit about.

Posted by Clonedzero

I dont even remember my Uplay info. Whats it even for? I think an AC game made me sign up for it or something i dont remember.

Edited by cloudyimpulse

Yeah I just got the email as well and was going to post on this forum page if no one had. Fantastic! Figured it was legit when it came in since the email address forwarder I used was ONLY used for Ubisoft to play Anno 2070.

Posted by andygazi

Hmmmm... is currently under maintenance.

Edited by cloudyimpulse

@clonedzero: I got a direct link that ask me to change my password (without requiring my old one). So I guess you would just need to know the email address you signed up with.

Posted by Zaapp1

You should swap your the way our password changing site is down.

Posted by Optix12

@jimmyfenix: Yea I had that problem when a few months ago. It was the worst as I couldnt figure it out, I think clear your cache and stuff and it may reset?

At least in this its saying encrypted passwords rather than just flat out email address directly linked with password in plain sight.

Edited by TheHBK

I don't even remember signing up. Think it was just when I popped in Assassin's Creed 2 into my xbox and it linked my XBL account?

Edited by Sin4profit

Site's down, can't change password.

Uplay, even when not playing games you find a way to be a complete piece of shit.

(update) got the e-mail and was able to reset the password that way, check your spam folders.

Edited by MeatSim

I don't remember ever putting credit card info into Uplay.

Edited by tourgen

God I hate these publisher login/online drm "services". They're always halfassed.

Posted by Parsnip

Console U-play probably doesn't count? I mean, that's just linked to your gamertag anyway, there's no password involved there, as far as I recall.


Posted by Undeadpool

Show of hands, how many people's first thought what "Wait, what IS my uPlay password??"

Edited by Shivoa

Ubi site FAQ about the breach is dated last Friday. Nice of them to publish the 'oh God, change your password' note then but not tell those hacked or the press until today.

Edited by Icicle7x3

Show of hands, how many people's first thought what "Wait, what IS my uPlay password??"

*raises hand*


Oh great. If you're going to require people to use your shitty service at least make it safe.

Posted by ConfusedOwl

This is the future people. Where all your games can be easily be stolen.

Edited by buckybit

I was complaining about the Uplay/Ubisoft infrastructure regularly over the last 12 months.

I did not get any response from the upper level management (as a consumer, without connections, there is simply no chance. They treat everyone like an idiot via their (non-)support support). And Twitter is not a proper communication pipeline for security related complaints.

I only managed to get some comments from equally troubled game devs in the Gamasutra comments, a couple months back, when Gama ran a story about Ubisoft.

Posted by JamesJeux007

And that's why, of the 4 different passwords I use when creating accounts, uPlay had the "even-if-you-happen-to-know-this-password-it's-nothing-important-anyway" one.

Posted by Winternet

The thing is, I probably have an uplay account that I don't even know/remember.

Edited by MrMazz

Or you know just never have a Uplay account because it's terrible.

Edited by Ben_H

Changed it. Luckily I didn't use that password for anything else so I don't have to worry. I already had to change a ton of passwords once because of Battlenet, I don't want to do that again.

Posted by Bribo

@parsnip: I got an email. Console uPlay totally counts.

Edited by Moonshadow101

Changed it to a completely random mash of numbers and letters. By the time I have to actually use Uplay, I will have forgotten anything else anyway.


uugggh.. So tired.. of this.. garbage.

What is with this backwards thinking bullshit? Clearly passwords are useless paper shields. Is there no other way to confirm someone's identity today? It's like every other month a website is hacked and it's change the password time. Just get rid of passwords, duh.

Posted by NegativeCero

I don't remember if I have an account either, but I may have inexplicably signed up for one while playing one of the Assassin's Creed games. Not that that matters right now because their site is "down of maintenance."

Posted by NDN_Shadow

uugggh.. So tired.. of this.. garbage.

Why can't companies get some good security. All this makes me do is lose respect for them and make me want to avoid ever having to use their shitty service again.

Edited by Luck702

Thank Jesus I was smart enough to not buy a single Ubisoft game in 4 years. Uplay has become more than just unnecessary, it's become a liability.

Edited by subyman

I got this email earlier today and thought it may be a phishing thing. I guess I need to change my PW now :(

I don't even remember what password I used on there. Guess I get to change everything.