Ubisoft has announced a data breach after unknown actors targeted its popular video game franchise, Just Dance.
The games developer confirmed that customer information may have been accessed after attackers took advantage of a “misconfiguration” to steal data.
A statement from Ubisoft said that the breach was limited to ‘technical identifiers’ including GamerTags, profile IDs, and device IDs, as well as recordings of Just Dance videos that were uploaded to be shared publicly with the in-game community and/or on social media profiles.
It adds: “This incident was the result of a misconfiguration, that once identified, was quickly fixed, but made it possible for unauthorized individuals to access and possibly copy some personal player data.
“Our investigation has not shown that any Ubisoft account information has been compromised as a result of this incident.”
Ubisoft has advised all Just Dance users to reset their passwords and to use two-factor authentication.
More information on what steps users should take can be found on a forum post from the Just Dance team.
Source: https://portswigger.net/daily-swig/ubisoft-confirms-just-dance-video-game-data-breach