Ubisoft said Tuesday that its systems had been breached by cybercriminals, and recommended that any users with a Ubisoft account change their passwords immediately.
In a company blog post, the firm said that users’ names, e-mail addresses and encrypted passwords were taken in the attack. No financial data was at risk from the intrusion, the company said.
The firm said that the stolen credentials were used to “illegally access our online network” but did not give further information for security reasons. Ubisoft said that the stability of its games’ online services should not be affected by the breach.
While the passwords were encrypted, Ubisoft said, they can still be uncovered by hackers, especially if a password is weak.
Users who may have been affected by the breach can reset their passwords through a page on the company’s Web site.
Data breaches, even if the data disclosed do not include financial information, can be a big headache for consumers who can then become the target of more spam attacks. If users share passwords between accounts, as is common, the damage from the first breach can spread to other Web sites and companies.
On Monday, California Attorney General Kamala Harris released the state’s first data breach assessment, disclosing reports of 131 data breaches within the state during 2012.
In a press release, Harris said that the report found that 1.4 million Californians’ information would not have been accessible to hackers if “companies had encrypted data when moving or sending” the information outside of their own networks. According to the report, which includes records of malicious and unintentional breaches that affected more than 500 consumers, the average data breach affects 22,500 people. Five breaches recorded in the state last year affected 100,000 people or more, the report said.
The retail industry reported the most data breaches, with 34, followed by 30 incidents in the finance and insurance industries. More than half of all breaches reported in California last year involved Social Security numbers — information often used in identity theft.