Ubisoft is reportedly investigating an “unknown threat actor” who allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas, and SharePoint channels for 48 hours before access was revoked.
According to the Gaming Leaks and Rumours subreddit and as reported by Bleeping Computer, screenshots allegedly taken during the 20th December hack have since been leaked online. Ubisoft has reportedly confirmed it is investigating an “alleged data security incident”.
“December 20th, an unknown Threat Actor compromised Ubisoft,” tweeted vx-underground. “The individual had access for roughly 48 hours until administration realised something was off, and access was revoked.
“They aimed to exfiltrate roughly 900GB of data but lost access,” vx-underground adds. It’s not clear what, if any, data the hacker obtained before they were kicked from the system.
December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked.
They aimed to exfiltrate roughly 900gb of data but lost access.
— vx-underground (@vxunderground) December 22, 2023
Apparently, the “threat actor” would not share how they got initial access, but upon entry into Ubisoft’s internal systems, the hacker “audited users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint”.
Access was revoked before the threat actor successfully exfiltrated Rainbow Six Siege user data.
“We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time,” Ubisoft said in a statement to BleepingComputer.
Marvel’s Spider-Man developer Insomniac Games has now released a statement addressing the ransomware attack on its studio earlier this month, the release of stolen data this week, and the spread of information on upcoming projects now circulating the internet.
The PlayStation studio had stayed silent until now, something it said was a result of it being “focused inward” to support team members. Personal data was included in the breach, Insomniac confirmed, but the studio is still “working quickly” to examine the impact.
On the spread of stolen material relating to Marvel’s Wolverine and other, upcoming game projects, Insomniac said it would share information “when the time was right”.