by dansanderson 4732 days ago
They sent a notification email to every customer asking them to change their password. The email includes the user's current password.

I know this because I received such an email-- intended for someone else who accidentally used my email address for their account. So not only is Ubisoft storing raw passwords and sending them via email, they're not verifying email addresses during account creation.

No way, really? According to the article they claim to "encrypt" the passwords (they actually mean hash). Any way you could post the contents of the email (minus the personal details)?

I think he's misunderstanding the email:

>As a result, we are recommending that you change the password for your account: dclowd9901

All I see is the plaintext representation of my username.

Ah, glad to have that clarified. The username in the misdelivered email I received looked very much like an attempt at a memorable password, not a username. Thanks!