1. #161
    So what if I didn't use my actual DOB on the account? Honestly I have no idea if I did or not. I'm assuming I'm just completely screwed even though I can provide all of my personal information including all my CD keys that have been used on my garbage uplay account?

  2. #162
    UbiHawk1ns (Ubisoft Support Staff, NCSA; Join Date: Dec 2012; Posts: 211)
    Some Uplay users have contacted us about issues with their Uplay accounts. The accounts were compromised but no personal or financial details have been exposed, and the number of people affected is limited. Ubisoft is working hard to find a solution. Meanwhile, we encourage users to set strong passwords (including numbers and capital letters) for Uplay and any other online accounts to reduce the risk in the future.

    Please open a support ticket on our Support Website if you have this problem and we will help in any way we can.

  3. #163
    Just got mine back. I think I was very very fortunate in the timing of my call. 5:30pm EST. What was interesting was the fact that when they sent me the email to reset my password, within the minute it took to get to me the link was dead and no chance to reset password. Now it may have been because they sent multiples by accident and killed the link but...

    Well hopefully I won't have to worry about having the permission to play the games I "own" now, definitely don't have to worry about any future Ubisoft games, done with them for the rest of my life and my son's life also... and any of my clients I can convince. SO long Ubisoft.

    A few years late, but you live and learn.

  4. #164
    I've been away for the holidays to come back today to find my account was hacked on December 31st. I've sent in a ticket, though I'm surprised at the volume of others affected.

  5. #165
    Originally Posted by Hawk1ns24:
    Some Uplay users have contacted us about issues with their Uplay accounts. The accounts were compromised but no personal or financial details have been exposed, and the number of people affected is limited. Ubisoft is working hard to find a solution. Meanwhile, we encourage users to set strong passwords (including numbers and capital letters) for Uplay and any other online accounts to reduce the risk in the future.

    Please open a support ticket on our Support Website if you have this problem and we will help in any way we can.
    We are 17 pages into this thread, several users (myself included) are using a unique strong password for Uplay, and for me at least, I haven't logged into any Ubisoft game for the past several months because Ubisoft PC DRM for Assassin's Creed II made the game unplayable with my internet.

    Furthermore, over a week after the initial reports, I received an email TODAY changing my email address to yet another playbay.su address. Why has this "email provider" not been blocked, at least temporarily, from being valid email addresses for email address changes?

  6. #166
    To those that are willing to try it, this is the email that I received with the telephone number.

    "Thank you for reporting this issue. Unfortunately to help with this type of issue, we would need you to contact our support office directly. For your security, one of our reps will need to verify some account info before making any changes. You can reach our support team at (919)460-9778 M - F 9am - 12am EST. We hope to hear from you soon."

  7. #167
    Originally Posted by Dark_Fread:
    Many people who have been hacked were using strong passwords. There are two hypotheses: someone broke into Ubi database, or there is an exploit in Uplay.
    I would say it is an exploit in Uplay because I even doubt the hackers actually saw our real passwords. If it was the case, the hacker who stole my account had a perfect couple: my email and my password. Therefore he could have logged (or at least tried to log) into my Steam account, for example. And no one tried that, according to Steamguard.
    And many people here can swear their computers are virus/malware free. Finally, the Uplay plugin has been recently known to introduce security issues.
    http://www.rockpapershotgun.com/2012...soft-pc-games/

    So, even if our computers have been hacked, it is highly possible that it's Ubi's fault.

    Anyway, I did some research and I could not find any evidence about the Amazon/EA/Yahoo hacks the Ubi Facebook page is talking about. This is ridiculous.

    I'm about 99% positive that it's not an exploit in Uplay, because I don't actually have Uplay installed on a single device at the moment, and haven't for months.

    It's on my desktop computer, but that hasn't even been plugged in to the wall since probably July or so. It's not installed on my laptop, and it's obviously not installed on my PS3.



    Originally Posted by hdonk007:
    Now Ubisoft want answers to a raft of questions, and still haven't reassigned my account to me:

    Allow me to ask a few questions about the account you believe is stolen.
    Was the user using a weak password?
    Define "weak."

    · Were you using a weak/obvious password?

    · Was the uplay account the only account compromised?
    Yep.


    · Have you bought games from a website?
    Steam. I did buy one game from Gamer's Gate, but that was late 2011.

    · Did you use a trainer or a crack for any Ubisoft games?
    Nope.


    · Did you install anything new on your PC before your account was compromised? (even non game related)
    Nope. It's not PC related - I don't even have Uplay installed.

    · Are you using an Anti-Virus / Anti-Malware?
    Yep.

    Trying to determine what's happened, or trying to pass the buck?
    I'm leaning toward some buck-passing, especially after the phone call I just had with Ubi support.


    Originally Posted by Sheriff_Carter:
    We are 17 pages into this thread, several users (myself included) are using a unique strong password for Uplay, and for me at least, I haven't logged into any Ubisoft game for the past several months because Ubisoft PC DRM for Assassin's Creed II made the game unplayable with my internet.

    Furthermore, over a week after the initial reports, I received an email TODAY changing my email address to yet another playbay.su address. Why has this "email provider" not been blocked, at least temporarily, from being valid email addresses for email address changes?

    Hey Jack. How's Zoe?

    Other than that, I'm in the same boat you're in. I haven't used Uplay on a PC in months. I've been playing ACIII on the PS3, but no PC activity.




    Okay, so I got my account back tonight. Took a few minutes on hold to get through, but the process was remarkably straightforward. All they needed was my account name and date of birth, and thank god I'd actually used the correct date of birth for this one. (I'm a bit of a paranoid SOB so I don't generally give my correct DOB for anything.)

    They are working on a buck-passing here. They were not - according to their rep - hacked. They're completely blameless in all this - just ask them. What happened is that there are two lists floating around: one of email addresses, the other of passwords. Apparently, some enterprising soul decided that he could randomly match email addresses against passwords, and eventually - on the theory of blind squirrels occasionally finding nuts, you know - he came up with a very small number of accounts that were vulnerable. Very small. Minuscule, in fact.

    So obviously I asked what genius thought it was a good idea to continue allowing account changes involving playbay.su / ru email addresses, and the drone quite piously told me that they couldn't simply block people from using playbay.su / ru email addresses, because what about all those good people, those blameless individuals who are obviously part of the 5-7% of gamers (according to Ubi) that are not pirates, who might legitimately have "uplay23412341234@playbay.su" as an email address?

    This whole thing left a fairly sour taste in my mouth. Only bright spot is that at least I actually have my account back.

    I'm leaning far more closely toward the explanation that was brought up earlier about Xbox / PS3 not needing a password to actually change the email account and password than some mythical list of usernames and passwords that are magically getting combined to come up with this many right answers.
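Posts #165 and #167 ask whether email changes to a suspicious provider can be handled without blocking the whole domain; the sketch below shows one review rule for that. It is an added example, not part of any post in the thread and not Ubisoft's code: the event layout, the sample addresses (constructed, modeled on the address pattern quoted above), the threshold and the hold-for-confirmation response are all assumptions.

```python
import re
from collections import Counter

# Constructed sample events, not real data: (account_id, old_email, new_email)
EVENTS = [
    ("a1", "alice@example.com", "uplay10000001@playbay.su"),
    ("a2", "bob@example.org", "uplay10000002@playbay.su"),
    ("a3", "carol@example.net", "carol.smith@example.com"),
    ("a4", "dave@example.com", "uplay10000003@playbay.ru"),
    ("a5", "erin@example.org", "uplay10000004@playbay.su"),
    ("a6", "frank@example.net", "frank@playbay.su"),
]

# Local part that looks machine-generated: a short word plus a long digit run.
GENERATED_LOCAL = re.compile(r"^[a-z]{2,10}\d{6,}$")
DOMAIN_BURST = 3  # assumed threshold: accounts moved to one domain in the batch


def domain(addr):
    return addr.rsplit("@", 1)[1].lower()


def local(addr):
    return addr.rsplit("@", 1)[0].lower()


def review_email_changes(events, burst=DOMAIN_BURST):
    """Return {account_id: [reasons]} for changes to hold until the old
    address confirms them, instead of rejecting the new domain outright."""
    moved_to = Counter(domain(new) for _, old, new in events
                       if domain(new) != domain(old))
    held = {}
    for account, old, new in events:
        reasons = []
        if GENERATED_LOCAL.match(local(new)):
            reasons.append("generated-looking local part")
        if domain(new) != domain(old) and moved_to[domain(new)] >= burst:
            reasons.append("burst of changes to " + domain(new))
        if reasons:
            held[account] = reasons
    return held


if __name__ == "__main__":
    for account, reasons in review_email_changes(EVENTS).items():
        print(account, "HOLD:", "; ".join(reasons))
```

A holder of an ordinary address at the same provider (account `a6` in the sample) is held for confirmation rather than refused, which is the distinction the domain-block objection in post #167 leaves out.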

  8. #168
    Originally Posted by Hawk1ns24:
    Some Uplay users have contacted us about issues with their Uplay accounts. The accounts were compromised but no personal or financial details have been exposed, and the number of people affected is limited. Ubisoft is working hard to find a solution. Meanwhile, we encourage users to set strong passwords (including numbers and capital letters) for Uplay and any other online accounts to reduce the risk in the future.

    Please open a support ticket on our Support Website if you have this problem and we will help in any way we can.
    Thank you for finally commenting on risk of personal details and credit card details being exposed.

    Many of the users who lost accounts had strong passwords already. I use KeePass and had it generate a password and these are as secure as you can get, my account was still stolen.

    I agree that compared to the PS3 hacking incidents this is a much smaller population of affected users, but still a lot to a normal person.

    I think this points to some amateur hackers who found an exploit and are hacking 'by hand' as opposed to massively exploiting the hole with software and selling accounts on a large scale.

    Due to the zip code changes made to my account I suspect that it was re-sold to somebody stateside.

  9. #169
    Originally Posted by Bon3zz1001:
    So what if I didn't use my actual DOB on the account? Honestly I have no idea if I did or not. I'm assuming I'm just completely screwed even though I can provide all of my personal information including all my CD keys that have been used on my garbage uplay account?
    I don't think it's that uncommon to not use your actual DOB. When registering for sites that shouldn't need my DOB but require it, I use an alternate that I can remember and is close enough. It's good to think ahead like that though, because a few bits of public information might be enough for an attacker to imitate you to a support person and social engineer their way into your account.

    When I create an account that has question and answer password recovery security, I use obnoxious answers and store them in my KeePass password safe.

    IE: What was your favorite teacher's name in school. I might answer p$y<h0515 so that if anyone gleaned that info from forum posts, Facebook, etc, it would be useless to them.

  10. #170
    Add me to the pile of hacked accounts, now linked to "uplay41142843@playbay.su", etc. got the email about 16 hours ago, sent in a ticket a few minutes ago, only had 2 games, (Anno 2070 + deep ocean), computer clean, not linked to FB/etc. ticket number #130105-000488


    /Sigh

    Originally Posted by kodack10:
    When I create an account that has question and answer password recovery security, I use obnoxious answers and store them in my KeePass password safe.

    IE: What was your favorite teacher's name in school. I might answer p$y<h0515 so that if anyone gleaned that info from forum posts, Facebook, etc, it would be useless to them.
    This is extremely smart, too bad Ubisoft doesn't use question/answer systems.