Ubisoft has disclosed a data breach that exposed certain information about Just Dance players.
The company says in a post to the Just Dance 2022 community forums that the “incident was the result of a misconfiguration, that once identified, was quickly fixed, but made it possible for unauthorized individuals to access and possibly copy some personal player data.”
Ubisoft says the exposed data includes “technical identifiers” such as “GamerTags, profile IDs, and Device IDs as well as Just Dance videos that were recorded and uploaded to be shared publicly with the in-game community and/or on your social media profiles.”
That means the breach mostly affects public or semi-public information. But there is a difference between someone knowingly sharing a Just Dance video on social media, where they have additional control over who can see their posts, and having that video exposed like this.
“Our investigation has not shown that any Ubisoft account information has been compromised as a result of this incident,” Ubisoft says. It also claims it’s “taken all the proactive measures necessary to secure our infrastructure from future incidents.” (Until someone calls that bluff.)
ZDNet notes that Ubisoft has been targeted by attackers before. The company said that attackers gained access to information about 58 million Ubisoft accounts in 2013, and in 2020, the Egregor ransomware gang released data it claimed was stolen from the company’s servers.
Ubisoft says that Just Dance players whose data was exposed will be notified about the exposure of their information via email and “can follow up with our Support team for more info.”
