Gamesrainbow six siege hacked
Summary (tl;dr)
Ubisoft's popular tactical shooter, Rainbow Six Siege, has experienced a major security incident, forcing the company to take game servers and the in-game marketplace offline after players reported receiving billions of fraudulent R6 credits and rare cosmetic items.
Essential Background
Rainbow Six Siege is a widely played online tactical first-person shooter developed by Ubisoft. The game relies heavily on stable online servers for its multiplayer gameplay and features an in-game economy where players can purchase R6 credits, a premium currency, with real money to acquire cosmetic items and other in-game content. Server stability and account security are crucial for the game's operation and player trust.
The Full Story
On Saturday, December 27, 2025, Rainbow Six Siege players began experiencing unusual activity within the game, reporting that their accounts were flooded with billions of R6 credits, large amounts of Renown, Alpha Packs, and exclusive developer-only cosmetic items like the Glacier skin. This unprecedented influx of in-game currency and items was accompanied by reports of random account bans and unbans, with some ban messages even containing taunts against Ubisoft leadership. In response to the widespread disruption, Ubisoft officially acknowledged an "incident" and made the decision to intentionally shut down Rainbow Six Siege servers and the associated in-game marketplace on all platforms, including PC, PlayStation, and Xbox, to investigate the breach and prevent further damage. As of Sunday, December 28, 2025, servers remain offline with no estimated time for their restoration. Ubisoft has stated plans to roll back all transactions that occurred after 11:00 AM UTC on December 27th and confirmed that players will not be penalized for spending any gifted credits. While Ubisoft has focused on the in-game abuse, some security researchers claim that multiple hacker groups might be involved, with reports suggesting a deeper breach into Ubisoft's internal Git repositories, potentially compromising source code for various games via a MongoDB vulnerability (CVE-2025-14847). However, Ubisoft has not yet verified these broader claims of a larger breach.
Why It Matters
This incident significantly impacts the Rainbow Six Siege player base, disrupting their ability to play the game, especially during the holiday season. The uncontrolled distribution of in-game currency and rare items, potentially worth millions of dollars, could severely destabilize the game's economy and devalue legitimate purchases made by players. The uncertainty surrounding account bans and the security of player data has also raised concerns among the community, prompting advice for players to avoid logging in or spending any ill-gotten currency. For Ubisoft, this represents a major cybersecurity challenge that could damage its reputation and player trust, particularly if claims of a deeper breach affecting internal systems and source code are substantiated. The company's response and resolution will be critical in regaining player confidence and ensuring the long-term stability of Rainbow Six Siege.
Geographic Location
- None (The event is a cyberattack on distributed game servers and internal systems, impacting users globally without a single, central physical location for the "event" itself)