I just got an e-mail from Ubisoft, which found that “one of [its] Web sites was exploited to gain unauthorized access to some of [its] online systems,” and that even though the company “instantly took steps to close off this access, investigate the incident and begin restoring the integrity of any compromised systems,” it quickly learned that “data had been illegally accessed from [its] account database, including user names, email addresses and encrypted passwords.”
But good news! “Please note that no personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.” Whew!
I’m tired of having to change passwords because companies can’t keep their databases secure. I must have my primary e-mail address tied to hundreds of websites at this point, and it’s hard to keep them all straight. I know that I have unique, more secure passwords tied to the big sites – my Gmail, Facebook and PayPal passwords are all unique and not used anywhere else – but who knows what other sites share my Ubisoft password?
I honestly don’t even know what my Ubisoft password was (or why I had to create an account there in the first place), so I’ll change it to one of the two or three “generic” passwords that I tend to use on most sites, probably getting yelled at by the site in the process for trying to change it to the same password.
If I know that I’m signing up for a site that’s going to require credit card information, I’ll go with something more secure. But what happens when one of those sites gets compromised? Am I really expected to change dozens of other sites’ passwords to some other password, only to have one of those sites get hacked in the coming months?
It’s nothing more than a minor nuisance, but it’s a pain nonetheless. Luckily, aside from someone hacking my Xbox Live account a few years back, I’ve managed to slip by unscathed in today’s hack-friendly world. (Did I just jinx myself? I hope not.)
So here’s my question to you: When a site e-mails you and says its security was compromised, how do you respond? Do you change just that password or all of your passwords? Or do you have unique passwords for each site you have an account on? Let me know! I’m curious.