With the crushing inevitability of the changing seasons, yet another company announces that they've been hit with a data breach. This time it's the turn of French video game publisher Ubisoft, as they warn players of Just Dance 2022 that some of their data may have been compromised.
Just Dance is a series of rhythm games where people follow along with on-screen dance routines to earn points. The game also lets players record themselves and share their efforts online. In a community forum post on December 20th 2021, Ubisoft announced that a "misconfiguration" in its IT infrastructure exposed gamer data related to Just Dance players.
The company is also sending emails to users affected by this breach, a copy of which is shown here:
Ubisoft hasn't provided specific details about how this breach occurred, nor did it say how long the breach went on for before being rectified. Given that Ubisoft suffered another security breach in 2020, and a massive data theft in 2013, this does not paint the most reassuring picture of its ability to protect its users.
The data in question was limited to 'technical identifiers' which include GamerTags, profile IDs, and Device IDs as well as Just Dance videos that were recorded and uploaded to be shared publicly with the in-game community and/or on your social media profiles.
While it is good to know that no potentially damaging personal data was lost, this breach still involves aspects of a user's online activity that they may not wish to see widely disseminated, and again casts doubt on the ability of companies to keep their user's data protected.
It's all well and good that companies place the onus on users to secure their accounts through the use of two-factor authentication, different passwords, different password rules and so on, but breaches in backend systems appear to be a depressingly regular occurrence both within the gaming industry and elsewhere, undermining efforts to improve user security.
A user can only do so much to protect themselves, and companies need to take more responsibility for protecting their users.