Ubisoft has confirmed that its popular video game series Just Dance has been targeted by cyber criminals.
The games developer confirmed that customer information was compromised after attackers exploited a “misconfiguration”.
A statement from Ubisoft said that the breach was limited to “technical identifiers” including GameTags, profile IDs and device IDs, as well as recordings of Just Dance videos that were uploaded to a database accessible to other players.
Although this information by itself won’t give attackers the ability to cause significant damage, they may be able to use it in phishing scams to trick users into handing over personal data or downloading malware.
Gamers are also at risk of brute-force password attacks, in which attackers use commonly used login credentials alongside compromised login details to force access into players’ accounts.
Additionally, users who use the same passwords on multiple services are also at risk. Criminal hackers often use login credentials that have been compromised elsewhere, so if they can link players’ Just Dance accounts to another that has been breached, they could gain access to players’ accounts.
As such, Ubisoft has advised all users to reset their passwords and to use two-factor authentication.
The developer added that its internal investigation did not reveal that any Ubisoft account information was compromised in the incident.
Was internal unrest responsible for this breach?
Axios reported this week that Ubisoft has faced a wave of resignations over the last 18 months due to low pay, organisational dysfunction and a wave of scandals.
A developer who recently left the firm said that a former colleague had asked for help solving an issue with a game because there was no one left at the company who knew the system.
The issues reportedly began eighteen months ago – a few months into the COVID-19 pandemic – with employees criticising the company culture. One former employee said: “”There’s something about management and creative scraping by with the bare minimum that really turned me away.”
They are just one of hundreds of Ubisoft employees to publicly criticise the developer, which is also responsible for the Assassin’s Creed franchise, Far Cry and Watch Dogs.
Employees have dubbed the wave of departures as “the great exodus”, and several hundred people have signed an open letter urging Ubisoft to address problems within the company.
With this level of conflict to contend with, its not a surprise to hear that a misconfiguration would go unnoticed. Organisations can mitigate this risk by creating a secure development policy, but if employees within the chain of command leave and no one is there to take on their responsibilities, mistakes can happen.
There’s no proof that this is exactly what happened with Ubisoft, but it’s nonetheless a lesson on the relationship between cyber security and workplace culture. If you have a dissatisfied workforce, mistakes are far more likely to occur.