Unlimited Wealth: The Massive Rainbow Six Siege Breach

Recently, Ubisoft’s popular game Rainbow Six Siege (R6) faced a security breach that allowed hackers to exploit internal systems, resulting in the unauthorized banning and unbanning of players, manipulation of in-game moderation feeds, and the distribution of large amounts of in-game currency and cosmetic items worldwide.

Reports from players and in-game screenshots revealed that the attackers had the ability to:

• Ban and unban players at will
• Display fake ban messages on the ban ticker
• Grant all players around 2 billion R6 Credits and Renown
• Unlock every cosmetic item in the game, including exclusive developer skins

R6 Credits are a premium in-game currency that can be purchased with real money through Ubisoft’s store. With 15,000 R6 Credits priced at $99.99, the value of 2 billion credits distributed for free amounts to approximately $13.33 million.

On Saturday at 9:10 AM, the official Rainbow Six Siege account acknowledged the breach, stating that Ubisoft was actively working to address the issue affecting the game.

Shortly after, Ubisoft made the decision to shut down Rainbow Six Siege and its in-game Marketplace to focus on resolving the issue.

A post on X mentioned, “Siege and the Marketplace have been intentionally shut down while the team focuses on resolving the issue.”

In a subsequent update, Ubisoft assured players that they would not face consequences for using the illicitly obtained credits, but all transactions made since 11:00 AM UTC would be rolled back.

The company clarified that the ban ticker messages were not generated by Ubisoft and that the ticker had been disabled earlier.

Although efforts are ongoing to fully restore the game, the servers remain offline at present.

Ubisoft has not issued an official statement regarding the breach and has not responded to inquiries from BleepingComputer regarding the breach’s origins.

If you have any information on this incident or other undisclosed attacks, you can reach out to us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.

Rumors of a larger breach

Unverified reports suggest a more extensive breach within Ubisoft’s infrastructure.

According to VX-Underground, threat actors claimed to have exploited Ubisoft’s servers using a recently disclosed MongoDB vulnerability known as “MongoBleed.”

Identified as CVE-2025-14847, this vulnerability enables remote attackers to extract memory from exposed MongoDB instances without authentication, potentially revealing credentials and authentication keys. A public PoC exploit has been released to search for sensitive information in exposed MongoDB servers.

VX-Underground indicates that multiple threat groups may have targeted Ubisoft:

• One group allegedly manipulated bans and in-game inventory through a Rainbow Six Siege service without accessing user data.
• Another group purportedly used MongoBleed to infiltrate Ubisoft’s internal Git repositories, claiming to have obtained a substantial archive of internal source code spanning decades.
• A third group claims to have extracted Ubisoft user data through MongoBleed and is attempting to extort the company for a ransom.
• A fourth group disputes some of these claims, asserting that the second group had access to Ubisoft’s source code for a period.

BleepingComputer has not independently verified these claims, including the exploitation of MongoBleed, access to internal source code, or theft of customer data.

As of now, Ubisoft has confirmed the in-game abuse in Rainbow Six Siege, with no public evidence of a broader breach.

Should Ubisoft provide further details or if more information surfaces regarding these claims, BleepingComputer will update this article.

Issues with Identity and Access Management (IAM) impact not just IT but your entire business.

This comprehensive guide explores the shortcomings of traditional IAM practices in meeting modern demands, showcases examples of effective IAM strategies, and provides a simple checklist for developing a scalable IAM strategy.

Get the guide