Hackers managed to access the account database, including user names, email addresses and encrypted passwords, but no credit or debit card information was compromised.
While Ubisoft's database encrypted stored passwords, they said weak passwords "could be cracked, in particular if the password chosen is weak. This is the reason we are recommending that our users change their password."
While the company refused to divulge details of the attack "for security reasons," they did say log-in credentials were stolen.
"We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to restore the integrity of any compromised systems," Ubisoft said.
The company, which develops games such as "Assassins Creed" and "Just Dance" for Xbox One and Playstation 4 systems, is the third-largest game publisher in Europe and in the United States.