Ubisoft Forum 2014 Data Breach

Ubisoft Community Forum Breach (2014): 90 Million Player Account Emails & Passwords Exposed

Platform · Gaming discussion and player support · Official game publisher community forum · Global

Ubisoft Community Forum Breach (2014): 90 Million Player Account Emails & Passwords Exposed

Ubisoft video game company community forum.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
23/100
Lower riskHigher risk
Lower: limited current risk based on data value and recency.
Data Sensitivity i
Standard
Exposed data is largely lower-sensitivity. Standard identity-protection precautions are advised.
90.9MRecords
2014Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Classification Tags
GamingVideo GamesUsers2014

Breach Summary

A dataset of approximately 90.9 million email addresses and passwords attributed to the Ubisoft community forums (forums.ubisoft.com), dated to 2014, circulates in breach catalogues. It is distinct from Ubisoft's July 2013 website breach (~58M accounts). Exposed data comprises email/password pairs usable for credential stuffing; no financial or identity data is indicated. The threat actor and exact intrusion method are not reliably established.

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

90.9M records analyzed

About Ubisoft Forum

Ubisoft is a major French video-game publisher (Assassin's Creed, Far Cry, Rainbow Six). This record concerns its community forums (forums.ubisoft.com), which maintained player account credentials separate from its game/uPlay account platform.

Why They Hold Your Data

Official publisher forums collect user accounts, emails, support interactions, messages, and community participation tied to game support and player discussion.

Recent Developments

Ubisoft experienced a separate, larger website breach in July 2013 (~58M accounts). The 2014 forum dataset (~90.9M email/password records) circulates in breach catalogues; Ubisoft has since consolidated accounts under Ubisoft Connect and enforced password resets across incidents.

Data Points Exposed

2 verified field types
Email Address
Password High

Breach Impact

The exposure of email addresses and passwords for a very large number of forum/player accounts primarily creates credential-stuffing and account-takeover risk where players reused passwords, plus gaming-themed phishing. No financial or identity documents were involved.

Exploitation & Downstream Threats

• Credential stuffing and account takeover against reused passwords | • Gaming-themed phishing using exposed email addresses | • Account-takeover of linked gaming/uPlay accounts where passwords were reused

Principal Risk Advisory

What this means for a principal

A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.

What You Should Do

  1. Reset any reused passwords and enable MFA on email first, then financial accounts.
  2. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping: cross-reference the exposed identifiers against broker-available data to size and prioritize the principal's wider footprint.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation