1. #151
    I solved my problem by myself... Thanks Ubisoft!

    How to recieve stolen account[/SIZE]
    This method works only if you have assassins creed III xbox version ...(may work on ps, and/or other games that support uplay I don't know)
    So:
    1. Run any game that uses uplay (ex. Assassin's Creed III)
    2. Run uplay.
    3. Check profile ( start button)
    4. Email and password
    5. Change it back
    6. thats it.
    Share this post

  2. #152
    Originally Posted by Angroshim Go to original post
    I solved my problem by myself... Thanks Ubisoft!

    How to recieve stolen account[/SIZE]
    This method works only if you have assassins creed III xbox version ...(may work on ps, and/or other games that support uplay I don't know)
    So:
    1. Run any game that uses uplay (ex. Assassin's Creed III)
    2. Run uplay.
    3. Check profile ( start button)
    4. Email and password
    5. Change it back
    6. thats it.

    Thanks so much, this actually worked! It's a good thing I can access Uplay on a console!
    Share this post

  3. #153
    Hi guys,

    We are taking all reports of stolen accounts very seriously and are of course investigating all leads in order to identify exactly how these accounts have been compromised and take any additional action that might be needed. This is why our Support team might ask some questions to get more contextual information.

    As mentioned in my previous post, our Support team is currently processing all requests and will soon get back to you in order to restore access to your account if they haven't done so yet. I know that having to go through all these steps to show you are the rightfull owner of your account is not pleasant, but I am sure you will understand why this procedure is all the more important right now.


    Now, if you have previously linked your account to your Facebook, Playstation or Xbox account, you can use these logins to edit back your email address and password:

    - Go to www.uplay.com and use Facebook Connect or your PSN credentials to connect to your account, then update back your account information.
    Your Facebook or PSN credentials are not shared with Uplay at any point. As an additional security measure, I recommend though that you do so from a different computer than the one you usually use to play or login to our website/forums.

    - Start a Uplay-enabled from your Xbox or PS3, launch Uplay from the main menu of the game, press Start to access your profile and edit your email/password. This is only possible from a console you have already linked your account with.

    Once you've regained access to your account, please double-check that it has only been linked to platforms you do own by going to www.uplay.com, logging in and clicking on your username below your avatar picture. Should this not be the case, please contact Support as soon as possible to unlink your account.

    I hope the situation will soon be sorted out for all you. Please rest assured that on our side we are working hard to resolve this situation.


    Originally Posted by StinkinLumberja
    When I came to the idea that I might be able to access via my ps3, I could see the attacker's mail, but not his password, I could easily change the email and password without knowing the password to his account. This is not very reassuring that it is SO easy to change
    You need to first log in to PSN or Xbox Live to access Uplay and it's only possible if you have previously linked your accounts on the console. This is why it is one of the option for editing back your account suggested in the notification email you've received.

    Originally Posted by Space_hippy
    I'm not too sure if my account will be sorted, I've just remembered that I wasn't able to create a support ticket a few days ago when I realised I had my account hacked. I gave Hawk1ns24 a PM with all my details but that was it, not heard anything more!
    Please make sure you also send a ticket to Support, for example using your Space_hippy account.
    Share this post

  4. #154
    Its nice to get such a long post from somebody official. Can you tell us something about support on the weekend, espacially for me in germany?
    Share this post

  5. #155
    Originally Posted by Dark_Fread Go to original post
    Everyone should warn video games websites to make them publish a news about that situation. Ubi deserves it.
    I've stated several times that contacting games journalists is in the communities best interest at this point. Go to youtube, find out who has a lot of subscribers and pm them. Industry sites like Destructoid, Kotaku, IGN, all have 'tips' email contacts you can use. I've already notified a few but unless more people do the same it will seem isolated to them.
    Share this post

  6. #156
    Originally Posted by Dark_Fread Go to original post
    Many people who have been hacked were using strong passwords. There are two hypothesis : someone broke into Ubi database, or there is an exploit in Uplay.
    I would say it is an exploit in Uplay because I even doubt the hackers actually saw our real passwords. If it was the case, the hacker who stole my account had a perfect couple : my email and my password. Therefore he could have log (or at least try to) into my Steam account, for example. And no one tried that, according to Steamguard.
    And many people here can swear their computers are virus/malware free. Finally, the Uplay plugin have been recently known to introduce security issues.
    http://www.rockpapershotgun.com/2012...soft-pc-games/

    So, even if our computers have been hacked, it is highly possible that it's Ubi's fault.

    Anyway, I did some research and I could not find any evidence about the Amazon/EA/Yahoo hacks the Ubi Facebook page are talking about. This is ridiculous.
    I too had my account stolen and only got it back yesterday. I work for a global security company you've all heard of and you probably use their products (but if you're smart you disable them before gaming cause they make your pc SLOW hehehe). I threw every piece of software my company had at it (I get them all free), as well as other vendors, booted a debian forensics suite, and I am 100% that my computer was virus, trojan, and keylogger free at the time. If a legitimate applications configuration were modified to use an unprotected proxy however it would not ring any alarm bells so to speak.

    Often in situations like this, the hack is done at the companies end by compromising a database. The attackers are usually not able to get passwords or credit card info as these are heavily salted and hashed. But it would allow them to make changes to the account or initiate a password reset without raising too much suspicion. Everything account related is stored in databases on the server end and while the DB is physically and network protected, it must allow 'legitimate' traffic through in order to do it's job. By spoofing communication from legitimate sources like the ubi.com, uplay, etc it is able to initiate these account recovery options without looking to the server, or it's security policies, like an attacker.

    That is my best guess at the moment. The fact that the uplay client still wouldn't log in after getting my account back is the only thing that suggests the hack was client side. As somebody else stated, the uplay client was found to have several sql injection/cross site scripting bugs a few months ago, and it's possible there was a zero day exploit used here on our clients, but there is no proof of that.
    Share this post

  7. #157
    How am I supposed to get my account back and WHY IS ANYBODY allowed to change my information without email conformation? This is BS. What am I even supposed to do now? I just lost all my games because of this and the person changed my email address on my account. I can't even login by playing a game using the method above because it just tells me my information is invalid.

    Where do i even go to email support? I can't even find one thing that points me in the right direction.
    Share this post

  8. #158
    Originally Posted by Bon3zz1001 Go to original post
    How am I supposed to get my account back and WHY IS ANYBODY allowed to change my information without email conformation? This is BS. What am I even supposed to do now? I just lost all my games because of this and the person changed my email address on my account. I can't even login by playing a game using the method above because it just tells me my information is invalid.

    Where do i even go to email support? I can't even find one thing that points me in the right direction.
    Logging a support ticket is useless. After 2 days of back and forth I was left with no choice but to call a long distance number and spend an hour on hold. The worst part is my account is still broken and that necessitated another hour long call and it still hasn't been resolved.

    You will have to call ubisoft support at their 919 area code number. It sucks, it had me wondering if it might not be better to just let them have my account as the effort it took to get it back wasn't worth my time or money.

    The phone number I was given is
    (919)460-9778 M - F 9am - 12am EST
    Share this post

  9. #159
    Originally Posted by Korchaa Go to original post
    Hi guys,

    We are taking all reports of stolen accounts very seriously and are of course investigating all leads in order to identify exactly how these accounts have been compromised and take any additional action that might be needed. This is why our Support team might ask some questions to get more contextual information.

    As mentioned in my previous post, our Support team is currently processing all requests and will soon get back to you in order to restore access to your account if they haven't done so yet. I know that having to go through all these steps to show you are the rightfull owner of your account is not pleasant, but I am sure you will understand why this procedure is all the more important right now.
    Like Trisher2013 said, it's nice to see a longer answer from someone official. I do have two questions. Why is the confirmation email being sent to the new email (if anything, it should be confirmed using both the old and new mail)? Shouldn't most of the users problems be solved by undoing changes to accounts that has gotten their mail and password changed to @playbay.su mails? The fact that so many accounts seem to have been changed to mails from that domain (and most probably with different IP's than usual) should make it obvious enough what probably has happened.

    I, for one, will look forward seeing how all of this work out. Got my account back the this wednesday and have finally gotten back to FarCry 3 and my second playthrough. I just hope that the rest of those affected can get back to their games ASAP too.

    //Anders
    Share this post

  10. #160
    Share this post