Gibson Index

2013-07-02: Ubisoft Websites Hacked, Passwords Stolen

Level Two Attack

Ubisoft has said that some of their online systems were compromised, resulting in email addresses and passwords being stolen by intruders. They are encouraging users to reset their passwords, and warning them that if they had used the password on another site, they should change it on that site as well.

Early reports suggested that the Ubisoft UPlay service had been part of this hack, but Ubisoft denies this. They also say that the systems involved did not contain any financial data, so users should be safe in that regard.

Ubisoft says that the stolen passwords were "obfuscated", but they don't provide details. It's safe to assume that they are referring to an unsatisfactory system such as unsalted MD5. Developers should use this as a reminder to update password systems to more secure algorithms, such as bcrypt, scrypt or PBKDF2, and to avoid writing their own algorithms.
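
The following Python example is added here and is not from the original post or from Ubisoft. It contrasts the unsalted MD5 scheme assumed above with salted PBKDF2 and upgrades legacy records at the next successful login. The record format, the function names and the 600,000-iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def legacy_md5(password: str) -> str:
    """The weak 'before' scheme: unsalted MD5, same password -> same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per password."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, replacement). replacement is a new record to save when the
    stored one is legacy MD5 or uses too few iterations, otherwise None."""
    if "$" not in stored:  # legacy record: bare MD5 hex digest
        ok = hmac.compare_digest(legacy_md5(password).encode(), stored.encode())
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, iters_s, salt_hex, dk_hex = stored.split("$")
        iters = int(iters_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False, None  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iters < 1:
        return False, None
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    ok = hmac.compare_digest(dk, expected)  # constant-time comparison
    return ok, (hash_password(password) if ok and iters < ITERATIONS else None)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Two users with the same password: identical MD5, distinct PBKDF2 records.
    print(legacy_md5(pw) == legacy_md5(pw))        # True
    print(hash_password(pw) == hash_password(pw))  # False
    # A legacy record is verified once, then replaced with a PBKDF2 record.
    ok, replacement = verify_and_upgrade(pw, legacy_md5(pw))
    print(ok, replacement.split("$")[0])           # True pbkdf2_sha256
```

Because legacy hashes are only replaced when their owner logs in, dormant accounts keep their MD5 records until the next login or a forced reset.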

If you tend to re-use passwords, you really should look into a password management system such as Password Wallet ($20), 1Password ($50), LastPass (free, with Premium option for $12/yr), or the one I prefer - KeePass (free).
