**Ubisoft’s *Rainbow Six Siege* Hit by Major Breach, In-Game Systems Compromised**
Ubisoft’s Rainbow Six Siege (R6) suffered a significant security breach, allowing attackers to manipulate in-game systems, distribute unauthorized rewards, and disrupt player accounts. The incident, confirmed by Ubisoft on Saturday at 9:10 AM via the official R6 X account, led to the game and its Marketplace being temporarily shut down for investigation.
Hackers exploited internal systems to perform several unauthorized actions, including:
- Banning and unbanning players at will.
- Displaying fake ban messages on the in-game ban ticker (later confirmed as fraudulent by Ubisoft).
- Granting players approximately 2 billion R6 Credits—a premium currency worth roughly $13.33 million based on Ubisoft’s pricing.
- Unlocking all cosmetic items, including developer-exclusive skins.
Ubisoft stated that players would not face penalties for spending the illicitly granted credits but would roll back all transactions made after 11:00 AM UTC. The company also disabled the ban ticker, confirming it did not generate the fake messages.
While Ubisoft has not disclosed how the breach occurred, unverified reports suggest a broader compromise. Security research group VX-Underground cited claims from multiple threat actors, including:
- One group allegedly exploited an R6 service to manipulate bans and inventory without accessing user data.
- A second group claimed to have used the MongoBleed vulnerability (CVE-2025-14847)—a recently disclosed flaw in MongoDB—to pivot into Ubisoft’s internal Git repositories, potentially stealing decades of source code.
- A third group reportedly stole user data via MongoBleed and attempted extortion.
- A fourth group disputed some claims, asserting that source code access was already established.
Ubisoft has not confirmed these allegations, and BleepingComputer could not independently verify the extent of the breach beyond the confirmed in-game abuse. As of now, servers remain offline, and no formal statement on the attack vector has been released. Updates will follow if new details emerge.
Ubisoft cybersecurity rating report: https://www.rankiteo.com/company/ubisoft
"id": "UBI1766901285",
"linkid": "ubisoft",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Rainbow Six Siege players '
'worldwide',
'industry': 'Video Game Development',
'location': 'Global',
'name': 'Ubisoft',
'size': 'Large',
'type': 'Company'}],
'attack_vector': ['Exploitation of internal systems',
'Potential MongoDB vulnerability (CVE-2025-14847)'],
'customer_advisories': 'Players will not be punished for spending granted '
'credits; transactions will be rolled back.',
'data_breach': {'data_exfiltration': 'Unverified claims of source code and '
'user data theft',
'file_types_exposed': ['Source code (unverified)'],
'personally_identifiable_information': 'Potential '
'(unverified)',
'sensitivity_of_data': 'High (if claims are verified)',
'type_of_data_compromised': ['Potential internal source code',
'Potential user data '
'(unverified)']},
'date_detected': '2023-10-21T09:10:00Z',
'date_publicly_disclosed': '2023-10-21T09:10:00Z',
'description': "Ubisoft's Rainbow Six Siege (R6) suffered a breach that "
'allowed hackers to abuse internal systems to ban and unban '
'players, manipulate in-game moderation feeds, and grant '
'massive amounts of in-game currency and cosmetic items to '
'accounts worldwide. Unverified claims suggest a larger breach '
'involving MongoDB exploitation and source code theft.',
'impact': {'brand_reputation_impact': 'Significant (fake ban messages, '
'unauthorized in-game rewards)',
'data_compromised': 'Potential internal source code and user data '
'(unverified)',
'downtime': 'Ongoing (servers intentionally shut down)',
'financial_loss': '$13.33 million (estimated value of distributed '
'in-game currency)',
'identity_theft_risk': 'Potential (unverified user data theft '
'claims)',
'operational_impact': 'Game and marketplace shutdown, transaction '
'rollback',
'systems_affected': ['Rainbow Six Siege game servers',
'In-game Marketplace',
'Internal moderation systems']},
'initial_access_broker': {'data_sold_on_dark_web': 'Unverified claims of '
'source code and user data '
'being sold',
'entry_point': 'Potential exploitation of Rainbow '
'Six Siege service or MongoDB '
'(unverified)',
'high_value_targets': ['Internal moderation systems',
'In-game currency systems']},
'investigation_status': 'Ongoing',
'motivation': ['Financial gain', 'Disruption', 'Data exfiltration'],
'ransomware': {'data_exfiltration': 'Unverified claims of extortion attempts'},
'references': [{'date_accessed': '2023-10-21',
'source': 'BleepingComputer',
'url': 'https://www.bleepingcomputer.com'},
{'date_accessed': '2023-10-21', 'source': 'VX-Underground'},
{'date_accessed': '2023-10-21',
'source': 'Ubisoft Official X (Twitter) Account'}],
'response': {'communication_strategy': ['Updates via official X (Twitter) '
'account'],
'containment_measures': ['Shutdown of Rainbow Six Siege and '
'Marketplace',
'Disabling ban ticker'],
'incident_response_plan_activated': 'Yes',
'recovery_measures': ['Working toward full restoration'],
'remediation_measures': ['Rolling back transactions made since '
'11:00 AM UTC']},
'stakeholder_advisories': 'Ubisoft has not released a formal statement '
'regarding the incident.',
'threat_actor': ['Multiple unverified groups'],
'title': 'Ubisoft Rainbow Six Siege In-Game Abuse and Potential Larger Breach',
'type': ['In-game abuse', 'Unauthorized access', 'Potential data breach'],
'vulnerability_exploited': ['CVE-2025-14847 (MongoBleed) - unverified']}