It seems that malicious actors have used the Christmas period to go against prominent developers in the video game industry. After the Insomniac Games case, we are now learning this Ubisoft reportedly arrested a group of attackers who managed to steal 900 gigabytes of data from a French company.

Apparently, and as the cyber security research group VX-Underground explained in their which shows conversations from Microsoft Teams and SharePoint servers, Confluence and MongoDB Atlas. The research group said the attackers would not share how they gained access to Ubisoft’s IT infrastructure.

From there, the story gets a little confusing. What is clear is that The attack on Ubisoft took place on December 20, 2023, and the video game company revealed it 48 hours later to revoke access malicious actors. During the period in which they had access and as explained by VX-Underground, The attackers managed to get 900 gigabytes of data however, data from Ubisoft could not be obtained from Rainbow Six Siegethe penultimate part of the saga derived from the license created by Tom Clancy.

The data known so far suggests that the attack against Ubisoft was serious, but that it would have been much worse had the company not acted, albeit prematurely. In addition to acknowledging the incident, Ubisoft told BleepingComputer the following: “We are aware of the alleged data security incident and We are currently investigating. We have nothing more to share at this time.“.

At this point, the information is somewhat confusing and it is not clear what the true extent of the attack against Ubisoft is. On the other hand, this is not the first time that a video game company has fallen victim to a cyberattack, as it received another one in 2013 that compromised its own users’ accounts. Obviously, given the events, it wouldn’t hurt to change your password now as a precaution.