"We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems," the statement reads. "We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems. During this process, we learned that data were illegally accessed from our account database, including user names, e-mail addresses and encrypted passwords."
In a FAQ, the company said it wasn't actually hacked -- login credentials were stolen and used to access the network. While user names, e-mail addresses and encrypted passwords were accessed, Ubisoft says no other personal information was accessed, and Ubisoft doesn't store its customers' payment information.
Looking ahead, the company says, "Ubisoft’s security teams are exploring all available means to expand and strengthen our security measures in order to better protect our customers. Unfortunately, no company or organization is completely immune to these kinds of criminal attacks."