On December 27, Ubisoft’s Rainbow Six Siege was rocked by what’s being called one of the most serious security breaches ever seen in a live-service game. Hackers reportedly gained administrator-level access, allowing them to completely break the game’s economy, moderation tools, and internal systems—leaving both players and Ubisoft scrambling to respond.
When Free Currency Turns Into a Disaster
Players across PC, PlayStation, and Xbox logged in to find something unbelievable: their accounts were suddenly loaded with nearly 2 billion R6 Credits each. At Ubisoft’s standard pricing—$99.99 for 15,000 credits—that translates to over $13 million worth of in-game currency per account.
What might sound like a dream quickly turned into a nightmare.
Hackers also unlocked every cosmetic item in the game, including ultra-rare and even developer-only skins like Glacier. Inventories were flooded with Alpha Packs and Renown, completely destroying the game’s progression and item balance. It became clear that this wasn’t just a glitch—someone had deep control over Siege’s backend systems.
Hackers Had the Keys to the Kingdom
The most alarming part? The attackers weren’t limited to handing out credits.
Screenshots shared online showed they could ban and unban players at will, post fake ban messages through the in-game ticker, and manipulate moderation tools. Some legitimate players were banned without warning, while others saw bans reversed just as randomly. Even Ubisoft-linked accounts were reportedly affected.
Major gaming outlets quickly confirmed the scale of the incident, while Reddit, X (formerly Twitter), and Instagram filled with warnings urging players not to spend or touch the credits.
Ubisoft Pulls the Plug
Once Ubisoft realized how severe the situation was, the company acted fast. Rainbow Six Siege servers were taken offline globally, along with the in-game Marketplace. The official Rainbow Six Siege account confirmed the shutdown, stating that Ubisoft was investigating “an issue affecting the game.”
Players attempting to log in were met with error messages as Ubisoft’s security and engineering teams worked to isolate the damage.
Later, Ubisoft reassured players that no one would be punished for accidentally receiving or spending the hacked credits. However, all transactions made after 11:00 AM UTC would be rolled back to prevent long-term damage to the game’s economy.
Whispers of Something Even Bigger
While Ubisoft has only confirmed the in-game abuse, rumors suggest the incident might be part of a much larger security breach.
According to cybersecurity group VX-Underground, attackers may have exploited a MongoDB vulnerability nicknamed MongoBleed (CVE-2025-14847). If true, this flaw could expose internal credentials and authentication keys.
Unverified claims suggest:
- One group manipulated Siege’s economy and ban systems
- Another allegedly accessed Ubisoft’s internal Git repositories
- A third group may have obtained user data and attempted extortion
- A fourth group disputes parts of the story but confirms long-standing access to internal code
At this time, none of these claims have been officially confirmed. The only verified issue remains the in-game compromise affecting Rainbow Six Siege.
Community Steps In While Ubisoft Recovers
The Siege community reacted quickly. Streamers, moderators, and long-time players urged others to avoid using the hacked currency and wait for Ubisoft’s rollback. Players affected by wrongful bans have been told to file appeals through Ubisoft Support once services resume.
Security experts recommend that players:
- Enable two-factor authentication
- Monitor accounts for unusual activity
- Avoid third-party tools or suspicious links
A Wake-Up Call for the Industry
This incident has put Ubisoft under intense pressure to explain how attackers gained such deep access and what safeguards failed. More broadly, it serves as a warning to the entire gaming industry: even large publishers with advanced infrastructure are not immune to serious cyberattacks.
For now, Rainbow Six Siege remains offline as Ubisoft continues its investigation. Players can only wait for servers to return—and hope the lessons learned from this breach lead to stronger protections in the future.
