View Full Version : Youtube video explain how to easily hack uplay accounts



LupoViolento
12-18-2016, 01:13 AM
These past days I was away from my computer. In these weeks I'm enjoying Watch_Dogs 2: I like it very much. When I returned to my computer, I saw something was wrong: there was a new savegame with a new "Retr0" alter ego and a new storyline. What's the bad news? I didn't create a new savegame, I'm pretty sure about that.
I immediately changed my password to a new complex one and searched Google for information about similar situations with other Uplay users.
In my research I found this video in particular: it explains how to easily hack Uplay accounts with dedicated tools.

*Video removed by Ubi-Cain*
See below for more info.

I'm very angry about this video. I think someone used these tips to play with my copy of Watch Dogs 2 and theoretically this is a very bad thing :mad::mad::mad::mad:

I hope Ubisoft improves uPlay security: it is not the first time the uPlay security system has been hacked.

Best regards

Ubi-Cain
12-19-2016, 01:30 PM
Hi LupoViolento,

First off I'm going to remove the video from your post. It doesn't need to be on the forums for people to get sucked in by and potentially risk their own security.
It stands to reason that someone pathetic and dishonest enough to encourage "hacking" accounts would not be below sticking a keylogger or other malware into their software so that they have more "content" for future videos ;)

Now...

It's not "hacking" accounts at all, it's just retrieving a list of already compromised accounts.

The application is retrieving a list of previously compromised accounts (might not even be genuine Uplay accounts) from existing lists on the web. It's not just magically "hacking" them and it certainly isn't getting data from our servers. It's just a glorified search tool.

These compromised accounts are likely composed from the end results of phishing scams and other malware like keyloggers, and these usually end up on pastebin and similar sites at some point, which seems to be where the tool is searching. This tool is likely searching public pastes that contain keywords and characters like "uplay" and "@insertdomain.*"

You can see in the video that the uploader changes "Origin" to "Uplay" at one point too. It's the same search tool for searching the same website for lists of accounts and you could replace the search terms with anything and get results for any service with a login.

With that being said...

Our security team do try to keep an eye on many of these lists that float around and when/if we find accounts that match those in our database we often reset the passwords and inform the owners via the registered e-mail.

In addition there have been no known compromises to our user account databases.
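
The matching step described in the reply above (comparing a circulating list against the service's own accounts, then resetting and notifying), sketched from the defender's side. This is an added example and not part of the thread or Ubisoft's actual process; the account table, the PBKDF2 hashing scheme, the sample list and the two-tier "reset"/"notify" outcome are all assumptions made for illustration.

```python
import hashlib, hmac, os, re

def pw_hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 stands in for whatever scheme the real service uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def make_account(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": pw_hash(password, salt)}

# Constructed user table, keyed by lower-cased e-mail address.
ACCOUNTS = {
    "alice@example.com": make_account("correct horse battery"),
    "bob@example.com": make_account("hunter2"),
}

# Constructed sample of a leaked list as it might be received for review.
LEAKED = """\
# constructed sample, not real data
Alice@Example.com:Summer2015
bob@example.com:hunter2
carol@example.net|letmein
this line has no credential pair
bob@example.com;old;password
"""

# e-mail, one separator (: ; or |), then the rest of the line as the password.
PAIR = re.compile(r"^([^\s:;|]+@[^\s:;|]+)[:;|](.+)$")

def parse_pairs(text: str):
    for raw in text.splitlines():
        m = PAIR.match(raw.strip())
        if m:  # comments and malformed lines simply fail to match
            yield m.group(1).lower(), m.group(2)

def triage(text: str, accounts: dict) -> dict:
    """Map each listed account we own to 'reset' or 'notify'."""
    actions = {}
    for email, leaked_pw in parse_pairs(text):
        acct = accounts.get(email)
        if acct is None:
            continue  # not one of our users
        live = hmac.compare_digest(pw_hash(leaked_pw, acct["salt"]), acct["hash"])
        # 'reset' wins if any listed password is still valid for the account.
        if live or actions.get(email) != "reset":
            actions[email] = "reset" if live else "notify"
    return actions

if __name__ == "__main__":
    print(triage(LEAKED, ACCOUNTS))
```

Accounts whose listed password still verifies are the urgent ones; accounts that merely appear on the list with a stale password still warrant a notice, since the same credentials may be in use elsewhere.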