Site icon The Mac Security Blog

Ubisoft Breached, Password Database May Lack Salt

Remember about a year ago, there was a breach of Blizzard Entertainment, creators of World of Warcraft and Diablo III? And how it was not a big deal, since they had properly hashed and salted passwords in the database, so they weren’t of much use to the attackers…

It seems like Ubisoft wasn’t paying much attention that day, and their own day in the breach spotlight is looking a lot more fraught. They’ve been advising users that particularly weak passwords could be cracked, which means their password database may not have been salted, or it used a weak salt. Fortunately customer payment data was not in the database that was breached, so that was not taken. Ubisoft is advising all users to reset their passwords, and anyone who uses the same password for Ubisoft and any other account is advised to change those passwords as well.

If you’ve not taken time to do so, installing a password manager can help you create strong, unique passwords for all your different accounts.

Share this: