uplay accounts hacked - please read

  • Page

    of 2 First / Last

    Previous
  • mr_pink 25 Mar 2013 13:35:11 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    I just wanted to warn people to consider updating their uplay account passwords.

    It seems ubisoft had a security breach by Russian hackers a month or two ago (and helpfully didn't tell anyone). My uplay account was stolen recently, although I was able to get it back fairly quickly. On the support call they tried to shift blame onto yahoo and gmail, but it's pretty obvious their server was compromised.

    Hopefully I can help prevent this happening to someone else.
  • X201 25 Mar 2013 13:44:39 15,745 posts
    Seen 5 hours ago
    Registered 9 years ago
    mr_pink wrote:

    It seems ubisoft ... (and helpfully didn't tell anyone).

    Except for the press releases and the media coverage?

    /January says hello.
  • neosalad 25 Mar 2013 13:45:50 953 posts
    Seen 1 day ago
    Registered 10 years ago
    buggery...
    damn russian hackers!

    i think i only created once recently with Far Cry 3, will i have been compromised potentialy? Though might have set one up with Splinter Cell and not realised...
    :/
  • DFawkes 25 Mar 2013 13:46:56 24,053 posts
    Seen 2 hours ago
    Registered 9 years ago
    I'm not really fussy about my UPlay account, but I had been meaning to change it so it wasn't the same as another password I use that was hacked. So thanks for the reminder :)

    Oh for goodness sake, I've caught my scrotum in my zip again - Margaret Thatcher, 1986

  • jagg3r 25 Mar 2013 13:56:10 1,057 posts
    Seen 7 hours ago
    Registered 6 years ago
    Had my uplay acc also robbed a few weeks back, took ubisoft nearly a week to resolve it.
  • Cosquae 25 Mar 2013 13:59:53 1,242 posts
    Seen 6 hours ago
    Registered 5 years ago
    @jagg3r Reminds me, must get a few co-op games of FC3 in with you at some point. Got the game recently, enjoying it.
  • NimbusTLD 25 Mar 2013 14:31:54 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    Using strong passwords will mitigate this type of thing happening to you in the future. A 16 character password takes way to long to crack using today's methods, so will pretty much protect you from such hacker attacks.
  • spindle9988 25 Mar 2013 14:33:11 3,676 posts
    Seen 1 day ago
    Registered 7 years ago
    What exactly can they steal from you, havent really usesd uplay
  • THFourteen 25 Mar 2013 14:37:17 34,471 posts
    Seen 7 hours ago
    Registered 9 years ago
    Shikasama wrote:
    NimbusTLD wrote:
    Using strong passwords will mitigate this type of thing happening to you in the future. A 16 character password takes way to long to crack using today's methods, so will pretty much protect you from such hacker attacks.
    False
    THats not quite 16 characters.
  • mr_pink 25 Mar 2013 15:17:11 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    @X201 And if I didn't see the media coverage? They should have sent an email out to uplay customers informing them of the breach and to reset their passwords. That is what a responsible company would do.
  • mr_pink 25 Mar 2013 15:18:28 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    @spindle9988 It's equivalent to stealing your steam account (i.e. with all your steam games).
  • mr_pink 25 Mar 2013 15:21:52 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    jagg3r wrote:
    Had my uplay acc also robbed a few weeks back, took ubisoft nearly a week to resolve it.
    Glad you got it back in the end. For all the smart-arses on this thread, this is exactly the annoyance I'm trying to save someone.

    Fortunately I got my account back pretty much right away by calling them.
  • mr_pink 25 Mar 2013 15:24:22 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    @neosalad Well, it probably wouldn't hurt to change your password.

    I also hear that linking it to your facebook account supposedly helps security somehow, perhaps to make it easier to claim back IDK.

    Edited by mr_pink at 15:25:17 25-03-2013
  • warlockuk 25 Mar 2013 16:34:51 19,223 posts
    Seen 3 days ago
    Registered 10 years ago
    Were the passwords stored unencrypted? ...am I going to have to change the passwords on anything that used the same un/pw combo again? (Thanks, Gawker you cunts)

    I'm a grumpy bastard.

  • mr_pink 25 Mar 2013 16:53:04 19 posts
    Seen 5 hours ago
    Registered 8 years ago
    @warlockuk If they were stored unencrypted that would be especially shoddy. However, if they were stored encrypted without a password salt string or the hackers had access to that, then they can still brute-force decrypt them and use lookup tables. As to whether you want to update other accounts, it's probably not a bad idea to do so.
  • waggy79 25 Mar 2013 19:37:27 1,094 posts
    Seen 5 hours ago
    Registered 7 years ago
    I had my steam account hacked just a week or so ago. They gifted everything in my inventory to another account. Wasn't a major deal as it was just loads of dota 2 codes which are worth pittance.

    I found out when I got an email from steamguard that someone had attempted to access steam from a different computer (at around 3 in the morning). The next night after I'd changed passwords I got an email saying they'd tried to access it again. The advice I was given was to make sure I have steamguard enabled on my account! :confused:
  • NimbusTLD 26 Mar 2013 13:40:08 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    @Shikasama If I change my wording to "random 16 character string including lower and uppercase letters, numbers and special symbols" do you still consider this false? And why?
  • NimbusTLD 26 Mar 2013 13:41:32 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    @waggy79 Umm... if I understand correctly, not only did they hack your Steam account, they also hacked your email account, unless you had Steamguard disabled?
  • NimbusTLD 26 Mar 2013 15:21:30 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    @Shikasama That is incorrect. Using all 96 possible characters (lower and uppercase, numbers and symbols) for an 8 character password yields 7.2 quadrillion possibilities. Using a supercomputer which is trying 1,000,000,000 passwords/sec it would take 83.5 days to go through every single permutation. On a more realistic setup with 100,000,000 passwords/sec it would take over 2 years. Increase the character count by 1 to 9 and time to crack increases exponentially. So for all intents and purposes it is impractical to crack a random 16 character password. Obviously this does not apply to dictionary words and commonly used passwords patterns.

    Edited by NimbusTLD at 15:37:00 26-03-2013
  • spindle9988 26 Mar 2013 16:09:31 3,676 posts
    Seen 1 day ago
    Registered 7 years ago
    @Mr_Pink

    cheers mate
  • neilka 26 Mar 2013 17:15:05 16,531 posts
    Seen 3 hours ago
    Registered 9 years ago
    NimbusTLD is available for weddings and parties, ladies and gentlemen

    BAAANG!!!!! EXPLOTION!!!!!

  • NimbusTLD 26 Mar 2013 20:37:31 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    @neilka xD as security maybe!
  • Deleted user 26 March 2013 20:39:12
    Once more:

  • NimbusTLD 26 Mar 2013 20:39:26 65 posts
    Seen 5 hours ago
    Registered 5 years ago
    @Shikasama Hashing merely affects how many passwords per second can be tried.

    I will check out what you suggest, I'm always up for learning something more :)

    Edited by NimbusTLD at 20:44:29 26-03-2013
  • Page

    of 2 First / Last

    Previous
Log in or register to reply