
Ubisoft’s Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant large amounts of in-game currency and cosmetic items to accounts worldwide.
According to multiple player reports and in-game screenshots shared online, the attackers were able to:
- Ban/unban Rainbow Six Siege players
- Display fake ban messages on the ban ticker
- Grant all players roughly 2 billion R6 Credits and Renown
- Unlock every cosmetic item in the game, including developer-only skins
R6 Credits are a premium in-game currency sold for real money on Ubisoft’s store. Based on Ubisoft’s pricing, 15,000 R6 Credits cost $99.99, putting the value of 2 billion credits at roughly $13.33 million worth of in-game currency distributed for free.
At 9:10 AM on Saturday, the official Rainbow Six Siege account on X confirmed the incident, stating that Ubisoft was aware of an issue affecting the game and that teams were working to resolve it.
Shortly afterward, Ubisoft intentionally shut down Rainbow Six Siege and its in-game Market, stating that it was still working on the issue.
“Siege and the Market have been deliberately shut down while the crew focuses on resolving the problem,” reads a post on X.
In a final update, Ubisoft clarified that players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11:00 AM UTC.
The company also stated that Ubisoft did not generate the messages seen in the ban ticker and that the ticker had been disabled beforehand.

Ubisoft said it was continuing to work toward fully restoring the game, but the servers remain down at this time.
At this time, Ubisoft has not released a formal statement about the incident and has not responded to emails from BleepingComputer requesting details on how the breach occurred.
If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at suggestions@bleepingcomputer.com.
Rumors of a larger breach
Unverified claims state that a much larger breach occurred within Ubisoft’s infrastructure.
According to security research group VX-Underground, threat actors claimed to have breached Ubisoft’s servers using a recently disclosed MongoDB vulnerability dubbed “MongoBleed.”
Tracked as CVE-2025-14847, the flaw allows unauthenticated remote attackers to leak the memory of exposed MongoDB instances, exposing credentials and authentication keys. A public PoC exploit has already been released that searches for secrets in exposed MongoDB servers.
VX-Underground reports that multiple unrelated threat groups may have targeted Ubisoft:
- One group claims to have exploited a Rainbow Six Siege service to manipulate bans and in-game inventory without accessing user data.
- A second group allegedly exploited a MongoDB instance using MongoBleed to pivot into Ubisoft’s internal Git repositories, claiming to have stolen a large archive of internal source code from the 1990s to the present.
- A third group claims to have stolen Ubisoft user data via MongoBleed and is attempting to extort the company into paying a ransom.
- A fourth group disputes some of these claims, stating that the second group had access to Ubisoft’s source code for a while.
BleepingComputer has not been able to independently verify any of these claims, including whether MongoBleed was exploited, whether internal source code was accessed, or whether customer data was stolen.
At this time, we only know that Ubisoft has confirmed the in-game abuse in Rainbow Six Siege, and there is no public evidence of a larger breach.
BleepingComputer will update this story if Ubisoft provides more details or if we learn more about these other claims.

