GAMES MAKER Ubisoft has warned millions of video gamers to change their passwords following a hack that exposed its users' credentials including user names, email addresses and encrypted passwords.
Ubisoft emailed subscribers and apologised in a forum post on Monday, admitting that the security breach allowed hackers to view user account information of some 58 million people on its database during the attack.
"We recently found that one of our web sites was exploited to gain unauthorised access to some of our online systems," the firm wrote in the forum post. "We instantly took steps to close off this access, investigate the incident and begin restoring the integrity of any compromised systems.
"During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords."
Ubisoft said that no personal payment information is stored on its servers, so gamers' payment card information was safe from this intrusion.
The games maker also advises users to change passwords on any other websites or services where they used the same or similar passwords, "out of an abundance of caution".
However it didn't take long for the Ubisoft forum to fill up with replies from worried users.
One commenter, Shirothesniper complained that they were unable to change their password because the Ubisoft website said "page under maintenance".
Another user named Belsameth demanded to know what steps the firm is taking to prevent such breaches in the future.
"As a sidenote. It does explain why I got a spam email with my real name in it," the user said.
Another user advised the firm to increase its maximum character length from 16 characters to make it harder for hackers to crack into the website in future.
However, Vormetric data security expert Paul Ayers said the Ubisoft hack proved that things like perimeter security and simple encryption "just don't cut it", as hackers are continuing to find a way in.
"Organisations looking to combat against attacks of this nature need to be much more focused on locking down the data itself (at the source). 'Firewalling' sensitive information and changing its state through advanced encryption is best practice when it comes to keeping your customers' data safe," he said.
Ubisoft said it believes the attack was not related to earlier security breaches. µ