On December 22, 2023, the cybersecurity research group VX-Underground revealed Ubisoft had been the target of a cyber attack attempt, two days earlier. The cybercriminals reportedly managed to infiltrate four internal systems belonging to the French videogame publisher:
- SharePoint servers;
- the Teams comms platform;
- the Confluence collaboration software;
- the MongoDB Atlas cloud service.
According to VX-Underground, the attackers were on the verge of retrieving 900 GB worth of data, including all the personal data belonging to players of the online game Rainbow Six Siege. However, the cybercriminals seemed to lose access to the systems before being able to extract the data. On December 26, 2023, Ubisoft acknowledged a security incident, without providing details.
The attack occurred a week after a ransomware attack on another major videogame studio, Insomniac Games, a Sony subsidiary. The company refused to pay the ransom, and the cybercriminals published the stolen information.
“We know the stolen data contains personal information belonging to our employees, former employees and independent contractors. It also includes initial development information on Wolverine for PlayStation 5,” admitted Insomniac Games.