Update: Ubisoft reached out with a clarification to our report below, stating that the attack did not originate via any Uplay services. A web site ran by the publisher was targeted specifically. We’ve amended the story below to reflect this.

Ubisoft issued an email to all Uplay members today, alerting of an exploit that was used to “gain unauthorized access” to some of Ubi’s internal online systems. Uplay itself was not breached — a web site situated on the publisher’s network was.

Upon investigating further, Ubisoft says it found that customer data was illegally accessed, “including user names, email addresses and encrypted passwords.” Yikes. Fortunately, no personal payment information is stored on Ubisoft servers, so any credit and/or debit card information is safe.

A few months ago, hackers managed to grab an unencrypted copy of Far Cry 3: Blood Dragon off the company’s servers. Additionally, earlier this year, a rash of users on the company’s official forums complained of unauthorized account changes on Uplay.