uplay accounts hacked - please read

  • Page

    of 2 First / Last

    Previous
  • mr_pink 25 Mar 2013 13:35:11 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    I just wanted to warn people to consider updating their uplay account passwords.

    It seems ubisoft had a security breach by Russian hackers a month or two ago (and helpfully didn't tell anyone). My uplay account was stolen recently, although I was able to get it back fairly quickly. On the support call they tried to shift blame onto yahoo and gmail, but it's pretty obvious their server was compromised.

    Hopefully I can help prevent this happening to someone else.
  • X201 25 Mar 2013 13:44:39 15,342 posts
    Seen 4 hours ago
    Registered 8 years ago
    mr_pink wrote:

    It seems ubisoft ... (and helpfully didn't tell anyone).

    Except for the press releases and the media coverage?

    /January says hello.
  • neosalad 25 Mar 2013 13:45:50 953 posts
    Seen 7 hours ago
    Registered 10 years ago
    buggery...
    damn russian hackers!

    i think i only created once recently with Far Cry 3, will i have been compromised potentialy? Though might have set one up with Splinter Cell and not realised...
    :/
  • DFawkes 25 Mar 2013 13:46:56 22,911 posts
    Seen 3 hours ago
    Registered 9 years ago
    I'm not really fussy about my UPlay account, but I had been meaning to change it so it wasn't the same as another password I use that was hacked. So thanks for the reminder :)

    Oh for goodness sake, I've caught my scrotum in my zip again - Margaret Thatcher, 1986

  • graysonavich 25 Mar 2013 13:50:27 7,337 posts
    Seen 3 hours ago
    Registered 4 years ago
    If they gain access to my 5 minute save of From Dust I'm going to be livid.
  • Shikasama 25 Mar 2013 13:53:56 6,819 posts
    Seen 3 hours ago
    Registered 6 years ago
    Or my Splinter Cell conviction save that was inexpicliabley rolled back twice
  • jagg3r 25 Mar 2013 13:56:10 1,037 posts
    Seen 5 hours ago
    Registered 6 years ago
    Had my uplay acc also robbed a few weeks back, took ubisoft nearly a week to resolve it.
  • Cosquae 25 Mar 2013 13:59:53 1,220 posts
    Seen 5 hours ago
    Registered 5 years ago
    @jagg3r Reminds me, must get a few co-op games of FC3 in with you at some point. Got the game recently, enjoying it.
  • NimbusTLD 25 Mar 2013 14:31:54 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    Using strong passwords will mitigate this type of thing happening to you in the future. A 16 character password takes way to long to crack using today's methods, so will pretty much protect you from such hacker attacks.
  • spindle9988 25 Mar 2013 14:33:11 3,583 posts
    Seen 2 days ago
    Registered 7 years ago
    What exactly can they steal from you, havent really usesd uplay
  • Shikasama 25 Mar 2013 14:35:59 6,819 posts
    Seen 3 hours ago
    Registered 6 years ago
    NimbusTLD wrote:
    Using strong passwords will mitigate this type of thing happening to you in the future. A 16 character password takes way to long to crack using today's methods, so will pretty much protect you from such hacker attacks.
    False
  • THFourteen 25 Mar 2013 14:37:17 33,381 posts
    Seen 5 hours ago
    Registered 9 years ago
    Shikasama wrote:
    NimbusTLD wrote:
    Using strong passwords will mitigate this type of thing happening to you in the future. A 16 character password takes way to long to crack using today's methods, so will pretty much protect you from such hacker attacks.
    False
    THats not quite 16 characters.
  • mr_pink 25 Mar 2013 15:17:11 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    @X201 And if I didn't see the media coverage? They should have sent an email out to uplay customers informing them of the breach and to reset their passwords. That is what a responsible company would do.
  • mr_pink 25 Mar 2013 15:18:28 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    @spindle9988 It's equivalent to stealing your steam account (i.e. with all your steam games).
  • mr_pink 25 Mar 2013 15:21:52 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    jagg3r wrote:
    Had my uplay acc also robbed a few weeks back, took ubisoft nearly a week to resolve it.
    Glad you got it back in the end. For all the smart-arses on this thread, this is exactly the annoyance I'm trying to save someone.

    Fortunately I got my account back pretty much right away by calling them.
  • mr_pink 25 Mar 2013 15:24:22 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    @neosalad Well, it probably wouldn't hurt to change your password.

    I also hear that linking it to your facebook account supposedly helps security somehow, perhaps to make it easier to claim back IDK.

    Edited by mr_pink at 15:25:17 25-03-2013
  • warlockuk 25 Mar 2013 16:34:51 19,161 posts
    Seen 3 hours ago
    Registered 10 years ago
    Were the passwords stored unencrypted? ...am I going to have to change the passwords on anything that used the same un/pw combo again? (Thanks, Gawker you cunts)

    I'm a grumpy bastard.

  • mr_pink 25 Mar 2013 16:53:04 18 posts
    Seen 3 hours ago
    Registered 7 years ago
    @warlockuk If they were stored unencrypted that would be especially shoddy. However, if they were stored encrypted without a password salt string or the hackers had access to that, then they can still brute-force decrypt them and use lookup tables. As to whether you want to update other accounts, it's probably not a bad idea to do so.
  • Shikasama 25 Mar 2013 16:54:18 6,819 posts
    Seen 3 hours ago
    Registered 6 years ago
    @THFourteen That'll be where I was going wrong!
  • waggy79 25 Mar 2013 19:37:27 961 posts
    Seen 3 days ago
    Registered 7 years ago
    I had my steam account hacked just a week or so ago. They gifted everything in my inventory to another account. Wasn't a major deal as it was just loads of dota 2 codes which are worth pittance.

    I found out when I got an email from steamguard that someone had attempted to access steam from a different computer (at around 3 in the morning). The next night after I'd changed passwords I got an email saying they'd tried to access it again. The advice I was given was to make sure I have steamguard enabled on my account! :confused:
  • NimbusTLD 26 Mar 2013 13:40:08 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    @Shikasama If I change my wording to "random 16 character string including lower and uppercase letters, numbers and special symbols" do you still consider this false? And why?
  • NimbusTLD 26 Mar 2013 13:41:32 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    @waggy79 Umm... if I understand correctly, not only did they hack your Steam account, they also hacked your email account, unless you had Steamguard disabled?
  • Shikasama 26 Mar 2013 13:54:13 6,819 posts
    Seen 3 hours ago
    Registered 6 years ago
    NimbusTLD wrote:
    @Shikasama If I change my wording to "random 16 character string including lower and uppercase letters, numbers and special symbols" do you still consider this false? And why?
    Forgive my rather facetious reply. If someone is actually going to the effort of brute forcing passwords then they'll have a proper set up and be using GPUs to do it. You can chew through so many more combinations than you used to be able to.

    Even 32 bit strings aren't considered overly secure anymore. Soon enough it'll all be about biometrics.
  • NimbusTLD 26 Mar 2013 15:21:30 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    @Shikasama That is incorrect. Using all 96 possible characters (lower and uppercase, numbers and symbols) for an 8 character password yields 7.2 quadrillion possibilities. Using a supercomputer which is trying 1,000,000,000 passwords/sec it would take 83.5 days to go through every single permutation. On a more realistic setup with 100,000,000 passwords/sec it would take over 2 years. Increase the character count by 1 to 9 and time to crack increases exponentially. So for all intents and purposes it is impractical to crack a random 16 character password. Obviously this does not apply to dictionary words and commonly used passwords patterns.

    Edited by NimbusTLD at 15:37:00 26-03-2013
  • spindle9988 26 Mar 2013 16:09:31 3,583 posts
    Seen 2 days ago
    Registered 7 years ago
    @Mr_Pink

    cheers mate
  • neilka 26 Mar 2013 17:15:05 15,900 posts
    Seen 2 hours ago
    Registered 9 years ago
    NimbusTLD is available for weddings and parties, ladies and gentlemen

    A map is like comparing velocity and speed.

  • Shikasama 26 Mar 2013 17:25:21 6,819 posts
    Seen 3 hours ago
    Registered 6 years ago
    I respect your knowledge in this area Nimbus but this has proved demonstrably false as recently as December this year. Obviously it depends on the type of hashing used for passwords and what have you.

    This is one of the hottest topics in PC security at the minute and I won't pretend I know about it in any great detail but some quick googling will yield some interesting results if you want to read further. Type in the name 'Jeremi Gosney' for a really good (and recent) start.
  • NimbusTLD 26 Mar 2013 20:37:31 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    @neilka xD as security maybe!
  • Deleted user 26 March 2013 20:39:12
    Once more:

  • NimbusTLD 26 Mar 2013 20:39:26 65 posts
    Seen 4 hours ago
    Registered 5 years ago
    @Shikasama Hashing merely affects how many passwords per second can be tried.

    I will check out what you suggest, I'm always up for learning something more :)

    Edited by NimbusTLD at 20:44:29 26-03-2013
  • Page

    of 2 First / Last

    Previous
Log in or register to reply