Login success
Craiova, Romania
82.XX.XX.102
about 7 hours ago
I changed my password but they too got past my 2FA which is concerning.
Also telling people that auth works and their stuff is safe when there's obviously some kind of leak is worrying. I hope you look into this deeper. : (
There is always another way past things. I say this in concern as I like Ubisoft products and if something happened it could absolutely jeopardize what you have.
(Not a threat from me, just an explanation of why you might want to approach the issue before it could infest into people's potential wallets...)
This is starting to remind me of how Town of Salem went down. So the concern is very real. And if the problem is with 2FA itself it'd still be considered as an issue that needs to be dealt with.
PrinceSugoi: Hi there, PrinceSugoi! Thanks for sharing your concerns! I reviewed your account and from what I can see this was merely a log in attempt but was unsuccessful and was unable to access your Ubisoft Account Information. This information was logged to inform you that someone was trying to access your account, but please rest assured that they were unable thanks to your 2 Step Verification being enabled.
medion_no: Hi there, medion_no! Thanks for posting about this experience. I took a look at your account and saw that these attempts were done before you had 2 Step Verification enabled on your Ubisoft Account. I'm very glad to see that you have chosen to enable 2 Step Verification at this time and do apologize that you had that experience as a motivation. Please let me know if you need any assistance with resetting your password or changing your email if you wish to do so.
I have received an email about a login from an unknown IP.
I have 2FA and a secure password, but how could anyone bypass 2FA? Maybe it's just useless?
Is there a way to get more than the last 5 logins from the list? It would be great if I were able to get logins for at least the last 2 weeks, not just the last 5 attempts (which are usually my logins after an urgent password change on a security concern email).
Hey there. Originally posted by Stan.D.
Some of our websites do not require 2FA on login, as you are not able to access sensitive account information or games from these websites. For example, you can sign up for email updates on various games. It looks like this particular login that has triggered this alert was a login to one of these websites. As you have 2 step verification active, they wouldn't be able to access or change your account details as they would be prompted for the 2FA code, but in the interest of account security I would recommend changing your password if you haven't already done so, and if you want to be extra careful you could also change the registered email on the account from the account management website. Thanks.
Even though you guys have replied with “with the 2FA your information is safe blahblah”, I am assuming you guys don’t want to realize bruteforcers can access our passwords by trying hundreds of times without a flaw or a block from your systems. By doing this they can access our passwords, which we may also use on other websites that carry critical information. Leaving the responsibility to the customer by saying “then put a different password for each website!” is unacceptable, as your systems are allowing them to exploit our well-protected passwords. There is still no explanation of how these people get access to our passwords and log in constantly, whereas it is impossible on other platforms. Please stop giving pointless explanations to people and deliver these problems to your IT teams who can actually fix the security flaws. If I see an IP that had successfully logged into my account on Ubisoft and then on another account, let’s say on Steam, Gmail, Hotmail or whatever, with the same IP, I have the right to sue you guys because of your compromised security system that allows hackers to exploit customers’ passwords. Mail me for updates or fixes of the flaws, as I really am worried to even use Ubisoft’s services anymore.
Hi erensait,
Thank you for providing us with your concerns.
Just to confirm, on one front, we do have a lockout for Brute force attacks and accounts will be temporarily locked or be 'locked' until a password reset if there is sufficient suspicious activity.
Using a different password for different services is common security advice, and we are not intending to push responsibility on to yourself. For instance if a user has used the same password for years, they may have used it on a defunct service or website and these are some of the most common ways that login details are leaked. If you have then used that on multiple services such as ourselves and Steam, then it increases the damage of any potential attacks.
Security is a key concern for us, and we are always looking into improvements to the system and how to keep customer accounts safe.
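Added example, not part of any post in this thread and not Ubisoft's code: a sketch of how a defender could tell a password-only login (the case described in the reply about sites that do not require 2FA) apart from a completed 2FA login, and apply the temporary lock and forced password reset mentioned in the reply above. The event fields, thresholds, labels and finding names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values; the thread does not state the real thresholds.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)

# Constructed sample events (documentation IP ranges), not real log data.
# Fields: time, account, source IP, password correct, second factor completed.
EVENTS = [
    ("2024-01-01T10:00:00", "alice", "198.51.100.7", True, True),
    ("2024-01-01T18:00:00", "alice", "203.0.113.50", True, False),
    ("2024-01-01T09:00:00", "carol", "198.51.100.20", True, True),
    ("2024-01-01T09:30:00", "carol", "198.51.100.20", True, False),
] + [(f"2024-01-01T12:0{i}:00", "bob", "203.0.113.9", False, False)
     for i in range(5)]


def label(password_ok, second_factor_ok):
    """History label that does not call a password-only login a full success."""
    if not password_ok:
        return "failed login"
    return "login success" if second_factor_ok else "password accepted, 2FA not completed"


def review(events):
    """Return {account: set of findings} for a list of login events."""
    known_ips = defaultdict(set)   # addresses that completed a full 2FA login
    failures = defaultdict(list)   # recent wrong-password timestamps
    findings = defaultdict(set)
    for ts, account, ip, password_ok, second_factor_ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if not password_ok:
            recent = [t for t in failures[account] if when - t <= WINDOW]
            failures[account] = recent + [when]
            if len(failures[account]) >= MAX_FAILURES:
                findings[account].add("temporary_lock")
        elif second_factor_ok:
            known_ips[account].add(ip)
        elif ip not in known_ips[account]:
            # Correct password, no second factor, unfamiliar address:
            # treat the password as known to a third party.
            findings[account].add("force_password_reset")
    return dict(findings)


if __name__ == "__main__":
    for account, found in sorted(review(EVENTS).items()):
        print(account, sorted(found))
```
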
I'm sorry, but after reading through this (and experiencing a successful login on my account), I don't feel comfortable with this service. Being able to verify a password without the 2 factor authentication is indeed a security flaw. My password was not easily guessed, but it wasn't so long that it couldn't be brute forced given sufficient time. The complacent attitude you Ubisoft employees have towards this issue will likely end in a major security breach before long, where this flaw was one of the factors leading up to it. In my mind, it is only a matter of time before a large-scale incident occurs, and so closing my account is the only way I can keep my personal details safe.