{ "id": "384e2eeb-a04e-466e-b407-435b1fcf387c", "created_at": "2026-04-06T00:06:19.571782Z", "updated_at": "2026-04-10T13:11:18.451504Z", "deleted_at": null, "sha1_hash": "138c5c3590565c0589a347356caac51e6334e81a", "title": "Ubisoft confirms 'cyber security incident', resets staff passwords", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2150979, "plain_text": "Ubisoft confirms 'cyber security incident', resets staff passwords\r\nBy Ax Sharma\r\nPublished: 2022-03-12 · Archived: 2026-04-05 16:31:06 UTC\r\nVideo game developer Ubisoft has confirmed that it suffered a 'cyber security incident' that caused disruption to its games,\r\nsystems, and services.\r\nThe announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service.\r\nData extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus\r\nfar, appears to be behind this incident.\r\nhttps://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nUbisoft initiates 'company-wide password reset'\r\nVideo game production giant Ubisoft states it experienced a cyber security incident sometime last week.\r\n\"Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems,\r\nand services,\" says the company in a succinct news release.\r\n\"Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a\r\ncompany-wide password reset.\"\r\nHeadquartered in Montreuil with its studios around the world, the game maker has repeatedly produced hit titles\r\nincluding Assassin's Creed, Far Cry, For Honor, Just Dance, Prince of Persia, Rabbids, Rayman, Tom Clancy's, and Watch\r\nDogs.\r\nOn March 4th, users on Twitter and Downdetector did report issues accessing some of the Ubisoft services, that appear to be\r\nlinked to this incident:\r\nUbisoft users reported issues last week (Twitter)\r\nAt this time, there is no evidence indicating any personal information of players was exposed during the incident.\r\nThe company confirms that all Ubisoft games and services are now functioning normally.\r\nLAPSUS$ group reacts to the disclosure\r\nNews of Ubisoft confirming the cyber security incident was first reported by The Verge.\r\nMoments later, admins of what is believed to be Lapsus$' Telegram group reacted to The Verge's initial report with a smirk\r\nemoji, insinuating that Lapsus$ is behind the hack:\r\nhttps://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nPage 3 of 5\n\nLapsus$ group appears to claim responsibility on Telegram (BleepingComputer)\r\nLapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies as Samsung,\r\nNVIDIA, and Mercado Libre confirmed this month they had suffered a breach.\r\nData extortion groups like Lapsus$ breach victims but as opposed to encrypting confidential files like a ransomware\r\noperator would, these actors steal and hold on to victims' proprietary data, and publish it should their extortion demands not\r\nbe met.\r\nIn 2020, Egregor ransomware had hit game developer Crytek and leaked what they claim were files stolen from Ubisoft's\r\nnetwork. Although, at the time, Ubisoft did not confirm the authenticity of the claim.\r\nIn this case, however, it does not seem that Lapsus$ or any other threat actor was able to obtain Ubisoft's proprietary data,\r\nand the investigation continues.\r\nhttps://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nhttps://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/" ], "report_names": [ "ubisoft-confirms-cyber-security-incident-resets-staff-passwords" ], "threat_actors": [ { "id": "be5097b2-a70f-490f-8c06-250773692fae", "created_at": "2022-10-27T08:27:13.22631Z", "updated_at": "2026-04-10T02:00:05.311385Z", "deleted_at": null, "main_name": "LAPSUS$", "aliases": [ "LAPSUS$", "DEV-0537", "Strawberry Tempest" ], "source_name": "MITRE:LAPSUS$", "tools": [ "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "d4b9608d-af69-43bc-a08a-38167ac6306a", "created_at": "2023-01-06T13:46:39.335061Z", "updated_at": "2026-04-10T02:00:03.291149Z", "deleted_at": null, "main_name": "LAPSUS", "aliases": [ "Lapsus", "LAPSUS$", "DEV-0537", "SLIPPY SPIDER", "Strawberry Tempest", "UNC3661" ], "source_name": "MISPGALAXY:LAPSUS", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "f763fd1f-f697-40eb-a082-df6fd3d13cb1", "created_at": "2023-01-06T13:46:38.561288Z", "updated_at": "2026-04-10T02:00:03.024326Z", "deleted_at": null, "main_name": "Infy", "aliases": [ "Operation Mermaid", "Prince of Persia", "Foudre" ], "source_name": "MISPGALAXY:Infy", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2347282d-6b88-4fbe-b816-16b156c285ac", "created_at": "2024-06-19T02:03:08.099397Z", "updated_at": "2026-04-10T02:00:03.663831Z", "deleted_at": null, "main_name": "GOLD RAINFOREST", "aliases": [ "Lapsus$", "Slippy Spider ", "Strawberry Tempest " ], "source_name": "Secureworks:GOLD RAINFOREST", "tools": [ "Mimikatz" ], "source_id": "Secureworks", "reports": null }, { "id": "52d5d8b3-ab13-4fc4-8d5f-068f788e4f2b", "created_at": "2022-10-25T16:07:24.503878Z", "updated_at": "2026-04-10T02:00:05.014316Z", "deleted_at": null, "main_name": "Lapsus$", "aliases": [ "DEV-0537", "G1004", "Slippy Spider", "Strawberry Tempest" ], "source_name": "ETDA:Lapsus$", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "59c9f31b-e032-44b9-bf3b-4f2cb3d17e39", "created_at": "2022-10-25T16:07:23.734244Z", "updated_at": "2026-04-10T02:00:04.731031Z", "deleted_at": null, "main_name": "Infy", "aliases": [ "APT-C-07", "Infy", "Operation Mermaid", "Prince of Persia" ], "source_name": "ETDA:Infy", "tools": [ "Foudre", "Infy", "Tonnerre" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775433979, "ts_updated_at": 1775826678, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/138c5c3590565c0589a347356caac51e6334e81a.pdf", "text": "https://archive.orkl.eu/138c5c3590565c0589a347356caac51e6334e81a.txt", "img": "https://archive.orkl.eu/138c5c3590565c0589a347356caac51e6334e81a.jpg" } }