This is an alert for those of you who play online games as well as those of you who know people who do.  Ubisoft is one of the largest games publishers in the world; they publish games ranging from “The Smurfs” to “Just Dance” through multiple versions of “Assassin’s Creed.” One of their databases was just hacked with millions of usernames, email addresses and encrypted passwords stolen.

Ubisoft sent emails urging players to change their Ubisoft passwords; Gary Steinman of Ubisoft, also posted a blog announcing the breach (“Security Update For All Ubisoft Account Holders”; blog.ubi.com; July 2nd).  Per Graham Cluley, Ubisoft has created a webpage where users can go to change their passwords.  Just a “heads up,” he’s heard complaints from people who have been having trouble accessing that site. (“Hackers attack gamers publisher Ubisoft, steal players’ personal information”; grahamcluley.com; July 2nd).

Ubisoft account holders should immediately change their passwords. As Mr. Cluley points out, hackers can use the stolen email addresses to try and trick victims, via spam emails, into downloading new games containing malware.  The malware can be intended to cause all kinds of damage — from stealing more personal information to directing users to other sites that will do so.

There is some good news to share. Ubisoft doesn’t store personal payment information.  That means that people with Ubisoft accounts won’t have had their credit or debit card information stolen (see, Dana Kerr, “Ubisoft e-mails and passwords exposed in hacking”; http://www.cbsnews.com; July 3rd; and blogs by Mr. Cluley and Mr. Steinman).

In urging account holders to change their passwords, Ubisoft said they should do so for any other site for which they’ve used the same password.  While it’s an obvious point, it’s worth repeating: don’t risk unnecessary privacy problems by using the same password for multiple sites.