Ubisoft has been hacked. According to an official warning email distributed to Uplay users, the attack accessed information in Ubisoft's account database but didn't compromise payment details. Here's what the firm had to say:
We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close off this access, investigate the incident and begin restoring the integrity of any compromised systems.
During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords. Please note that no personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.
Anyone with a Uplay account is asked to change their password. If you use the same password on other sites, Ubisoft recommends that those accounts are changed, as well. This support page has more information on the breach, although few specifics are provided "for security reasons." Way to keep security a priority, Ubisoft.
The attack is under investigation, and Ubisoft may still be recovering. As I'm writing this, the company's site displays an "under maintenance" message. My password change appears to have stuck, though, and Uplay is functioning normally.
Uplay is required for some games, including Far Cry 3 Blood Dragon, making the hack particularly maddening. If publishers are going to require user accounts for their games, they should at least be able to keep those accounts secure. Ubisoft apparently wasn't up to the task.