Junior Member
And now I also got hit with this kind of problem. I have 2FA and I recieved an e-mail from Ubisoft Account Support saying:
"New login location detected with your Ubisoft account:
t******************@yahoo.com
We have detected a login with your Ubisoft account from the following country and IP:
Country/Region: Ireland
IP address: 86.***.***.189"
When I went to change my password, I found out at Ubisoft Account Management website >> Security Settings >> Login History the following:
Login successful
Plan-les-Ouates, Switzerland - IP: 178.XXX.XXX.53
18 hours ago
Login successful
Barnsley, United Kingdom - IP: 2.XX.XXX.243
18 hours ago
Login successful
Ballina, Ireland - IP: 86.XX.XX.189
19 hours ago
So now I did change my password (to one even more secure, no less), but I am very concerned about the security of my account, because it shouldn't have happened if I had 2FA enabled. I don't even know if any of my games were tempered with. Or if my Ubisoft currency got any amount deducted from what I had. Can I check for an activity history anywhere?
Ubisoft Support Staff EMEA
Hi treboratinoi,
Thank you for contacting us.
If you speak with the Support team through one of the channels below, then they can look into that for you:
Junior Member
Exactly what does this mean!?! What website can use my UBI credentials to login, and then prompt a response from Ubi!?!
That is ****** up. I got this same email today, the login was from London.
It's ridiculous that it is possible to use my UBI username and password to login ANYWHERE except on Ubi. That should not be possible.
Please explain which websites you are referring to that this can be done on?
Community Manager
Junior Member
Community Manager
LqF_: Thanks for updating this thread! I took a look at your Ubisoft Account and I don't see any successful logins from that region. Does it show that there was a login on your account at your
account management page?
Junior Member
Started happening to me a couple of days ago, after I logged it to uplay through the epic store.
After I got the suspicious log ins I changed my password and added 2FA.
Now I keep receiving 2FA emails as if someone tries to log into my account, yet ubisoft login history displays nothing, no entry about suspicious log ins! so that means someone is trying to log in, maybe he succeeds and maybe he fails since I can't really trust this 2FA considering what is happening to other accounts on this thread, and on top of all that ubisoft don't even detect the login? the heck is going on with security here??
Junior Member
Another case here of someone accessing my account despite 2FA, the IP address was from the US, but I know how easy that is to spoof.
TO THE REPS FROM UBISOFT: You say that external sites don't require 2FA if they "do not allow you to gain any sensitive account information." This is false. By allowing logins without 2FA anywhere, you provide a system that lets a hacker confirm that they have guessed the correct password, which is very much "sensitive account information". A functioning 2FA system asks for your password, then carries out the 2FA step before it verifies the password. What you have here is the textbook definition of a security flaw.
Ubisoft Support Staff
Hey there, we did have a reported bug a little while ago with Uplay PC, whereby if you put your PC to sleep while still signed into the client, when waking it this can sometimes start to send you a large number of codes (one every five minutes). This is still under investigation at the moment, and if you're not seeing any login history / evidence, it may be that you're affected by this!Originally Posted by Im_a_Lime Go to original post
If you restart Uplay PC completely, the code emails should stop. I'd also recommend logging out the next time you put your PC to sleep, and sign back in after waking, to ensure that it doesn't re-occur from that login instance. Please let me know if this resolves the issue for you, and my apologies for the inconvenience and any concern caused!
By external sites, we are referring to our own brand websites, such as the Rainbow Six: Siege website, or the Ubisoft News website. On those websites, none of your personal information is accessible nor can be changed, so 2FA is not leveraged there.Originally Posted by Thegreger Go to original post
If you see a successful login to any site such as those, immediately update your password to another secure password, and your account will then once again be secure. With 2FA active, your games, personal information and other secure data cannot be accessed by anyone trying to fraudulently access your account.
An email notification for suspicious activity may be sent every time someone tries to access your account, even if they are unsuccessful in logging in past the password stage, to keep you in the loop.
I hope that this clarifies matters for you.
Junior Member
Got an email from ubi today stated that there was a suspicious connection from Indonesia(not my country). Then i went to my ubisoft profile @ the security section to change my password & then saw there was attempts from multiple countries?
Indonesia & Spain logged in successfully, Turkey & Netherlands failed. The connections started 16hrs ago at the time of this post. I know that because it showed my own login at the last entry(but deleted after i logged in to change password because it only shows the last 5 logins).
My question is, how did all this happen? Last time I logged on uplay to play Siege was like 1-2 weeks ago? Was there a security leaked/breached?
Already changed my password, hopefully it won't happen again. Because i wouldn't have known there were multiple successful attempts as the email only stated 1 country
