One April 12th, 2019 a Reddit user going by the handle of intruder_alert made a post on the /r/PCGaming/ thread to chronicle an encounter with a Ubisoft customer support staff that appeared to inform him that third-party marketing firms had access to his account, just not his personal account data.
The gist of the story is outlined in the post by intruder_alert, where he writes…
“Last night I received an email by Ubisoft support (automated) that there was suspicious activity with my account. It seems that someone logged into my account from an IP in France. I have not logged into my ubisoft account since I completed Assassin’s Creed Origin a few months back and I have 2FA (Google Authenticator) enabled for my account. So I logged into my and went to the “Security Settings” page and went through my login history. There are 5 different successful logins from IPs in different countries for the last month that are definitely not by me. I immediately tried to contact Ubisoft support about the illicit logins into my account […]”
The most relevant image from the customer support, states…
“Seems like there is no suspicious activity on your Ubisoft account from what I can see, the emails that you have received are related to 3rd party sites that have no access to your personal details and in no way can affect your account. For extra security you can make sure to change your email on the account, as if it was registered to any of those sites, you will receive notifications of activity, as it so stands, rest assured that your account is secured.
“As long as you have Two Factor Authentication on the account, no one but you can access it.”
This response was met with a lot of confusion because intruder_alert was trying to figure out these sites have access to his account in the first place and why they access data that isn’t “personal details”.
Intruder_alert wasn’t the only one who had encountered this issue, though. Several others also had the exact same problem and posted about their run-ins with this issue in the Assassin’s Creed sub-reddit and in the Uplay sub-reddit.
The Reddit thread on /r/PCGaming/ managed to reach thousands of people, attracting the attention of Ubisoft community manager Gabe Graziani, who dropped in to offer a clarification on the matter, posting the following message on April 12th, 2019…
“First and foremost we do not provide your credentials or access to your account to any 3rd parties. This wasn’t clearly communicated in the support ticket in question, and we apologize for the confusion and are looking into why this happened.
“Regarding 2FA, currently we only leverage it in places where you have personal information such as Uplay and your account management page. So if someone has access to your email and password they can still login on other websites such as games’ dedicated pages or Ubisoft.com, but these do not have any of your personal information on them.”
Obviously this didn’t answer the most obvious question: why were third-parties accessing the account in the first place?
Others asked if this means that third-parties have full or limited access to your account details. Graziani reiterated that no third-parties are given access to your account credentials, saying…
“We do not share your account credentials with anyone. As mentioned in the original post, what was said in the chat wasn’t clearly communicated and we’re going to make sure that it doesn’t happen again in the future. It was a mistake.”
This still did not sit well with most people.
Two very important questions were posed by other users that went unanswered, they asked how the third-parties were still able to access the user’s account even after he changed the password, and also asked for clarification on what access to user data these third-party marketers do have access to.
As mentioned, these questions went unanswered.
Most users were able to piece two and two together, and began to complain about Ubisoft basically using this as a method to sell user data to marketers and advertisers.
So not only does Ubisoft have games filled with Social Justice Warrior propaganda, but they also seem to have a user account issue with allowing marketers to access user data, based on what the customer support has said and the evidence provided by the users in that thread about the suspicious activity on their account.
Some users stated that they would be filing complaints with the GDPR protection committee relating to the breach of privacy trust between users and Ubisoft. You can learn more about
(Thanks for the news tip Haxter Z)