In a major security incident affecting Ubisoft’s popular tactical shooter Rainbow Six Siege, attackers exploited live-service infrastructure to manipulate game systems, award vast sums of in-game currency, and broadcast unauthorized messages through administrative feeds.

What Happened?

Players worldwide began encountering unusual activity early in the breach, including:

• Unwarranted awards of R6 Credits, Renown, and Alpha Packs, with reports of millions or even billions of R6 Credits being added to random accounts.
• Unauthorized bans and unbans, including fake ban messages appearing in the game’s broadcast ticker system.
• Unlocking of premium and legacy cosmetic items, normally gated behind official releases or purchases.

R6 Credits are premium currency sold for real money; the scale of credits issued during the breach was estimated to be worth tens of millions of dollars’ worth of in-game value if legitimately purchased.

‼️ Ubisoft’s Rainbow Six Siege servers have been hacked. Players report millions of credits added to their accounts and troll messages in the public ban chat. pic.twitter.com/ctlsfjtfK8

— International Cyber Digest (@IntCyberDigest) December 27, 2025

Ubisoft’s Response

Ubisoft acknowledged issues affecting Siege servers and confirmed the game and its in-game Marketplace were intentionally taken offline while teams worked to remediate the situation.

According to Ubisoft’s updates shared via official channels:

• The company will not punish players for holding the ill-gotten credits, but
• It plans to roll back all affected in-game transactions made after a specific point in time to negate unauthorized rewards.

How the Breach May Have Happened

Security analysts and threat intelligence groups (such as vx-underground) point to an apparent connection between the incident and a critical MongoDB vulnerability, referred to as “MongoBleed” (CVE-2025-14847). This flaw allows unauthenticated attackers to read server memory from exposed MongoDB instances, potentially exposing sensitive credentials and access tokens.

Multiple actor groups are allegedly involved:

• One group appears to have gained limited access to Rainbow Six Siege internal services, enabling the direct manipulation of game systems without touching player personal data.
• Other actors claim to have exploited MongoBleed to pivot deeper into Ubisoft infrastructure, accessing internal Git repositories and even attempting extortion via stolen user data.

At present, only the in-game abuse has been confirmed by Ubisoft, and there is no publicly verified evidence that widespread user account data or source code theft is complete.

Ongoing Situation

As of the latest reports:

• Siege servers remain down intermittently for maintenance and further protective measures.
• Ubisoft has not fully detailed the breach’s root cause or the scope of internal impact.
• Security experts advise players to avoid logging into Ubisoft Connect until integrity is fully restored.

The incident underscores ongoing risks to live-service game infrastructure from exploitation of backend vulnerabilities — and the potential for significant disruption and economic impact even without direct theft of user data.