Support NeoGAF

[Mupod]

I didn't get any email, but I only made an account there very recently.

At this point I actually just have separate passwords I use for sites I don't care about since I just assume they'll all get hacked anyways. I haven't bought anything from uplay and just got it for some Zombi U unlocks.

 

[Mavromatis]

Let's not in the haste forget to check if you use the same password in any other services.
The alleged hackers will have your email and may decrypt your UBI password. It would be a real shame if you use the same password as your e-mail password. Check if you used the same password somewhere else.
About the usage of password managers I recommend Lastpass, besides changing your pass easily with it you can check to see if you use the same password in another service.

 

[Reule]

Yeah, received the e-mail. Changed it with no problems. I'm glad I didn't have to remember it because I have a vague idea of what it was.

 

[Nags]

Fucking uPlay...
I'm sure i made an account cause I was forced to but, hell if I remember my pass/ID.

EDIT: oh! it appeared in my email, good stuff.

 

[lucius]

Yeah I can't even remember what it is on my consoles it just signs me in on 360/PS3, I never bought anything there anyway, it was just good for free items from beating some of their games.


Ok got email fixing it

 

[masterkajo]

Watch Dogs promotion? Ubi ARG?

I really hate when those things happen. How should I keep track of all my account details on all these varied websites all with different passwords and now I should also change them about every month because companies demand me to give them my information and then cannot adequately protect it.

 

[danielcw]

Looks like Ubisoft's reaction has been good so far.
Sending everyone an email and telling them the important facts is a big plus.

EDIT: I once found a minor not really security related bug on Ubisoft's website. It was shockingly simple
It allowed you to change all of your details, even the ones you weren't supposed to be able to change, like your country or birthday.

 

[Xdrive05]

Just spent an hour changing the same pword on like 6 other services.

Things were better when Steam was the only game in town.

 

[Dr Dogg]

This is not an accurate report of the situation. LastPass noticed some bizarre traffic coming from one of their servers. They immediately notified users of this and forced a master password reset. "We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users encrypted data blobs." In the end they concluded that either no or a very very very very small portion of data was breached (no one could actually prove any data was taken). All of that data was very securely encrypted and required the user's master password, which is supposed to be 12+ characters at a minimum, to get the underlying passwords. They brought in multiple external security firms to help audit. The real problem was that they reacted in an overkill way--they were too responsible in their disclosure, leading people to believe that the end result was that they were thoroughly hacked.

That's the summary of the event:
"For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our asterisk phone server more open to UDP than it needed to be which was an issue our auditing found but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on."

You can trust LastPass.

And to add to this, since 2011 (July I think, well that's when I started using it) LastPass has offered support for Goggle's Mobile Authenticator. So an even extra layer of security if you own a compatible phone (and a right pain as I found out when I left my phone in my car back at an airport carpark once).

 

[JCizzle]

Fuck your idiotic requirement that I use this shit service to play FC3 instead of just using steam. What a shit company.

 

[Stumpokapow]

Further, you can't make blanket statements like "that's not going to happen". Previously secure algorithms do get broken from time to time. Or sometimes bugs in the software implementation present weaknesses. Anyone who knows anything about the matter will find this to be nothing new.

Of course encryption algorithms get broken. But, again, point A endures--if you're using a local password manager, the attack would have to be user by user and could never steal every client at once, thus making it massively ineffective as an attack vector (if a person was targeting you, there are much better attack vectors).

And even if you are using a remote system, a company whose whole business model is selling you password security is going to be much more responsive to attacks on encryption systems than a company for whom 1 in 10,000 of their employees is a junior web programmer and thinks md5(yourpass) is a security best practice.

There are a lot of intelligent and dedicated people out there interested in breaking these systems, and as a result many people spend a lot of time, effort, and money trying to stop them. Security and complacency do not go hand in hand.

Ain't no one who is complacent, just some who are vastly ahead of others today

Ugh, I'm a member on like a million websites (obvious exaggeration). I don't remember which password I use where; Firefox remembers that for me. Dammit, Ubisoft. What a pain.

so just click "show passwords" and see what it is that firefox has saved?

http://www.howtogeek.com/111555/view-and-delete-stored-passwords-in-firefox/

 

[Mindlog]

I hate having to have a new account for every backwards fuck hacked webzone social experience just to play my games.

I just checked my UPlay password. Made me laugh. At least it was unique.

 

[amishpriest99]

Glad they at least had the courtesy to send me a password reset email. Couldn't even remember if I had a uPlay account, but I think I made one when I got Assassin's Creed III from Gamefly on the Wii U.

 

[red731]

If I had a Uplay account, would Ubi have sent a message to my email address?

Nope. I haven't received one - I am glad I saw this thread.

Thanks UBI!

 

[Dr Dogg]

Let's not in the haste forget to check if you use the same password in any other services.
The alleged hackers will have your email and may decrypt your UBI password. It would be a real shame if you use the same password as your e-mail password. Check if you used the same password somewhere else.
About the usage of password managers I recommend Lastpass, besides changing your pass easily with it you can check to see if you use the same password in another service.

To be fair unless UbiSoft has been very careless it would be quite unfortunate to decrypt their stored passwords. Though I would be worried if I was one of those individuals that uses something like 'abc123' or 'password' or even 'password1' as their password for each and every site they use. One of my mates still uses this to this day even after having his PayPal done over, silly boy.

 

[RoadHazard]

The only thing I have my Uplay acount for is Trials Evolution Gold, and that game is dead and abandoned, so... eh. Oh well, guess I'll change my password anyway. Although, how the hell do I do that when the Ubi site is down?!

EDIT: Ok, the password reset link they e-mailed me worked.

 

[Turok_TTZ]

That Watch Dogs guy strikes again!

This gave me a chuckle.

 

[joe1138]

Just got the email. Seeing as how I literally own only three Ubisoft games (all quite old), this has to be a result of my signing up for a UPlay account via the Wii U a little while back. Damn.

 

[DeadRockstar]

Nope. I haven't received one - I am glad I saw this thread.

Thanks UBI!

Same here. No email yet, but I have an account. God only knows what for.

Either way, took 30 seconds to change with 1Password. So glad I started using that last year.

 

[NYCmetsfan]

Even my Schools IT department tweeted about this.

 

[See You Next Wednesday]

Now I'm trying to remember if I ever made a uPlay account.

Ever used those free themes or costumes for Assassins Creed?

 

[TheOGB]

Fuckin Ubisoft

Why is it always my best passwords that need to get reset

 

[Photolysis]

To be fair unless UbiSoft has been very careless it would be quite unfortunate to decrypt their stored passwords. Though I would be worried if I was one of those individuals that uses something like 'abc123' or 'password' or even 'password1' as their password for each and every site they use. One of my mates still uses this to this day even after having his PayPal done over, silly boy.

If they used a weak hash like MD5 or SHA1 (which companies shouldn't do but do all the time anyway) then the passwords are trivial to crack unless you've chosen a very strong password. Which few people do.

It would only be wise to assume that your hashed password is safe if Ubisoft came out and said it was hashed using something like bcrypt.

Companies and end users seem to believe that encrypted passwords are far more secure than they actually are. High end graphics cards these days can tear through passwords if they're not hashed properly.

 

[Enco]

Fuck this.

Only reason I have UPlay is because of FC3.

Piece of garbage software. Wanna play? Cool. Give it 30 mins.

Click on FC3 > Load up UPlay > Update UPlay > Click games tab > Click FC3 > Click Play > Update Game > Connect to network for leaderboards or some shit > Continue game > Loading > Play

B.S.

 

[Canis lupus]

Did I get a uPlay password when I played assassins creed games?

 

[larvi]

Just got this email. This is why I so hate DRM that requires setting up an ID on a vendor's server. They just don't freaking know how to manage your PI securely. It's a joke.

Oh, and btw, my email went to my junk email folder. So anyone who hasn't seen the email make sure you check there.

 

[Trouble]

Lastpass: Free on your computer, $1/month on your mobile, they store your data.

You don't have to pay to use it on mobile. They have bookmarklets that work with any browser. You have to pay to use their app.

The really nice thing about lastpass is it supports 2-factor auth using Google Authenticator. So even if someone somehow gets my master password they still couldn't log in.

 

[Nokterian]

Oh hey next one! Ubisoft also very good in securing there consumers..right? And yes i have made a new password with lastpass.

And i have been using Lastpass for now almost 3 years. Best thing ever no regrets. Also having premium since for 1 dollar a month is great. Bought a Ubikey (not nothing from ubisoft) but it is goes in a usb slot and produces a long 1 time password so a second layer.

Also your data from every website and passwords is stored encrypted on your pc,not on there servers.

 

[Enco]

You don't have to pay to use it on mobile. They have bookmarklets that work with any browser. You have to pay to use their app.

The really nice thing about lastpass is it supports 2-factor auth using Google Authenticator. So even if someone somehow gets my master password they still couldn't log in.

It's only $1 a month and in my opinion it's well worth it.

Yes they store your data but its encrypted to hell and back. No way anyone can make any use of it. Unless if your master password is 'lol123' then you'll be absolutely fine.

Beats having your details stored offline and need long winded ways to access them offsite.

 

[maabus1999]

https://support.ubi.com/en-US/FAQ.a...=2030&productid=3888&faqid=kA030000000eYZ2CAM

So you're saying I have to remember my U-play password to change it?

That will be a challenge.

 

[Nokterian]

No. There was a traffic discrepancy they couldn't account for, but no evidence of a hack or that any data had been taken.

People keep fucking it up since they took what needed to be done. Stop claiming with false news! Lastpass is amazing and works very well. A huge lift is from my shoulders since all those passwords these days and websites it is to mutch for my brain to handle.

 

[Kurtofan]

Fuck I received my email and changed my password, is my email address in danger?

I have no idea what my Uplay password was, fuck.

 

[Kurtofan]

So to which password does the hacker has access to? The old one or the new one?

 

[Shao Kahn Brewing a Stew]

Who's excited for the digital future?

With shit like this, not me.

Fucking stupid.

 

[larvi]

So to which password does the hacker has access to? The old one or the new one?

The old one for now and the new one in a few weeks when they get hacked again.

 

[x3sphere]

Soo, this is what, the third time uPlay's been hacked? Ubisoft has a pretty shoddy track record on security.

 

[Kazerei]

Hmm, I have a few Ubisoft games on Steam, which runs Uplay. Does that mean I have a Uplay account?

 

[Madrugador]

Uplay is such a fucking disgrace. Changing password as we speak.

 

[Joeki11a]

Will they give free games?, this is like Sonys hack fiasco but more weird, since their biggest game is a game about hacking.

Who ever did this has to be a hacker doing it for the Lulz

 

[Erebus]

Watch Dogs viral?!

 

[SolarPowered]

Luckily I don't have a uPlay account...

 

[Air Zombie Meat]

Fuck you ubisoft. Never wanted a shitty uplay account and this is what I get for it.

 

[MulderWasTaken]

The old one for now and the new one in a few weeks when they get hacked again.

I laughed.

It sucks that I don't remember what password I used for uplay. When are we going to see "we want free games for this" complains?

 

[Overdoziz]

So, apparently I mistyped my email when setting up my uPlay account by typing 'Hormail' instead of 'Hotmail'. So I won't be able to receive any emails from Ubisoft and I can't change my password. :/
Not sure how I managed to mistype it, especially since most services ask you for it twice and they send you a mail to activate your account.

 

[catabarez]

So, apparently I mistyped my email when setting up my uPlay account by typing 'Hormail' instead of 'Hotmail'. So I won't be able to receive any emails from Ubisoft so I can't change my password. :/
Not sure how I managed to mistype it, especially since most services ask you for it twice and they send you a mail to activate your account.

Call support.

 

[HT UK]

Ubisoft delay all PC games for no valid reason. Then make us sign up to UPlay to play any of their PC games. And now this....ugh.

 

[mavs]

Never should have fallen for their $0.01 game sale. Is Ubisoft really one big scam company?

 

[Turfster]

So I changed my password... or I think I did anyway.
I'd check, but every time I try to log in, the ubi site redirects to a page that tells me my browser's cookies are turned off, and that I need to turn them on.
Of course, when I go and check my cookie settings, it created one.
What the fuck Ubi.

(Edit: it does this on 3 different systems and with 3 different browsers. What?)

 

[Chromax]

Why did they have to tie Heroes of Might and Magic to this?

 

[Qurupeke]

I'm not sure if I care. I never used my account.