Going to change my password now, better safe than sorry.

Do you leave your doors unlocked and wide open when you leave your house?

Come to think of it, now if GOG was (god forbid) hacked, would you all be so giggly ?
...what?

So because I have a different opinion than you, you think I deserve a "lesson" then?

Nice personality trait you have there.

That's like saying: it's your fault they broke in your house, should have used bars on your windows. Or, the american republicans way: you have to blame yourself gettin' robed - next time carry a gun with ya'.

Obviously. That's why we see every other week an attack on EAs Origin and everyday one against Valves Steam and Apples ITunes....

While I don't agree completely with Crosmando, he has a point. The average person's password management ability and even for some corporations is botherline pathetic, it's rather funny when it happens for those that don't take it seriously but we've no proof that it was Ubisoft's fault, they could have state of the art security, encryption, firewalls, protocols etc.. and then there was one employee that made a mistake and then some lucky hacker found it and exploited the opportunity.

Annoying, to say the least. I didn't even remember I had ubi account. I had to make it because of Assassins Creed, so that was one registeration wasted.

Do you think hackers are some kind of SHODAN entities, huge supercomputers capable of breaching any system in the world? Or do you think they're more likely bored young adults with standard hardware?

My point is; Ubisoft is a multi-billion dollar international corporation, I'm sure their perfectly capable to protecting UPlay accounts. The reason they don't is that the security of their customers details obviously isn't a high priority, ie they have better things to do with their money.

The real victims are customers, yes, but the real villain is the corporation who ties accounts and games to DRM schemes and doesn't provide even rudimentary internet security for those accounts.

This doesn't bother me one bit because payment information wasn't compromised and because Keepass makes it easy to have unique strong passwords for every site I use.

Ubisoft are a service-provider. You don't think they have the responsibility to protect their customers personal details? I dunno, do we? I don't keep updated on these things.
I didn't mean a lesson to you, just a lesson in general; that tying the ability to play a game to an account is a bad idea.

I'm pretty annoyed by it, because now I have to change several passwords while I'm on vacation and don't have access to a proper computer. And I don't even want to use Ubisofts 'service'. Uplay has been nothing but trouble.

I do wish they'd publish exactly how they protect their passwords. This old line of "We can't tell you for security purposes" is utter crap. If knowing the algorithm or basic details would actually significantly reduce the strength of the protection then they've got very poor protection in the first place.

That password is my throwaway one for crap like uPlay, and I don't particularly want to bother changing it everywhere. So if they're using a unique salt per user then I'll just wing it on account of a nasty hacker at very best stealing some of those uPlay points that I still don't understand the purpose of, and if he's taken the trouble of personally focussing on brute forcing just my password, then he's earned them way more than I did.

Unfortunately they've just said "Encrypted", which I would hope is wrong because I would consider encryption to be a reversable process. Hopefully they mean hashed. Hopefully they mean using a unique salt per user. Hopefully they've hashed it a few times over to increase the strength. Revealing these things would make no difference to their security because the first thing the hacker's going to do anyway is whip out his SHA rainbow tables and try a few out, then hunt down the salt value and if it's consistent, build a rainbow table for that salt, or if they've done everything well, he will give up.

Thank god i never bought a Ubisoft game with 'uplay' I just can't bring myself to buying anything by Ubisoft with that uplay, even if any games look tempting...

Yes. Very funny. Haha. People might get their personal information stolen.

He has a lot of nice personality traits :-P

there goes 1 unique password :( damn you db haxors.