**Ubisoft Hit by Massive Data Breach via MongoBleed Exploit**
Hackers have targeted Ubisoft in a significant security breach, exploiting the MongoBleed vulnerability—a method involving unsecured MongoDB databases with no authentication. According to a post on X (formerly Twitter), attackers exfiltrated over 900GB of data, including the source code for all Ubisoft products from 1990 to present. The stolen material reportedly covers unreleased games, Uplay services, and other proprietary assets, with potential leaks of upcoming titles like Splinter Cell Remake, Assassin’s Creed Jade, and Codename Hexe.
The breach occurred when hackers scanned the internet for exposed MongoDB ports, a common attack vector in the MongoBleed technique. While Ubisoft has not confirmed the incident, the hackers claimed to have held the data for 48 hours before demanding a ransom. If the theft is verified, the leak could expose unreleased projects, development pipelines, and sensitive internal systems—posing a major risk to the company’s intellectual property.
Game studios like Ubisoft are frequent targets due to their vast repositories of source code, player databases, and live-service game data, which are highly valuable to cybercriminals. Crytek was also reportedly affected in the same campaign. The incident underscores the ongoing threat posed by unsecured databases, particularly in industries handling large volumes of proprietary digital assets.
Ubisoft cybersecurity rating report: https://www.rankiteo.com/company/ubisoft
Crytek cybersecurity rating report: https://www.rankiteo.com/company/crytek
"id": "UBICRY1766971965",
"linkid": "ubisoft, crytek",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Gaming / Entertainment',
'name': 'Ubisoft',
'type': 'Game Studio'},
{'industry': 'Gaming / Entertainment',
'name': 'Crytek',
'type': 'Game Studio'}],
'attack_vector': 'Exploiting open MongoDB ports with no authentication',
'data_breach': {'data_exfiltration': 'Yes (900GB of data accessed for 48 '
'hours)',
'file_types_exposed': ['Source code files',
'Game builds',
'Databases'],
'sensitivity_of_data': 'High (proprietary game code, '
'unreleased projects)',
'type_of_data_compromised': ['Source code',
'Unreleased builds',
'DLCs',
'Player databases']},
'description': 'Ubisoft fell victim to a significant security breach where '
'hackers exploited the MongoBleed vulnerability to steal over '
'900GB of data, including source code for all its products '
'since 1990. The breach may lead to leaks of upcoming projects '
'if the ransom is not paid.',
'impact': {'brand_reputation_impact': 'Severe if unreleased projects are '
'leaked',
'data_compromised': 'Over 900GB of data, including source code, '
'unreleased builds, DLCs, and player databases',
'operational_impact': 'Potential disruption to game development '
'and live services',
'systems_affected': "Ubisoft's internal databases, development "
'environments, and live service game '
'infrastructure'},
'initial_access_broker': {'entry_point': 'Open MongoDB ports with no '
'authentication',
'high_value_targets': 'Source code, unreleased '
'projects, player databases'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (ransom) / Data exfiltration',
'post_incident_analysis': {'root_causes': 'Lack of authentication on MongoDB, '
'unsecured open ports, inadequate '
'monitoring'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Implement authentication for MongoDB, restrict open '
'ports, enhance monitoring for unauthorized access, and '
'secure development environments.',
'references': [{'source': 'X (Twitter) post by hackers'},
{'source': 'News articles on MongoBleed and Ubisoft breach'}],
'response': {'communication_strategy': 'No official confirmation from Ubisoft '
'yet'},
'title': 'Ubisoft MongoBleed Data Breach',
'type': 'Data Breach / Ransomware',
'vulnerability_exploited': 'MongoBleed'}