Ubisoft has confirmed a security breach forced Rainbow Six Siege servers offline after hackers flooded player accounts with billions in premium currency, unlocked rare developer-only cosmetics, and hijacked the game's ban system. The company says no players will be punished, but a full rollback is underway—and questions about how this happened remain unanswered.
On December 27, 2025, Rainbow Six Siege players logged in to chaos. Accounts were suddenly flooded with approximately 2 billion R6 Credits (the game's premium currency) and millions in Renown. Ultra-rare "Glacier" weapon skins—normally exclusive to developers—appeared in inventories. The in-game ban ticker, which typically displays anti-cheat notifications, began broadcasting memes and targeted messages.
Players were randomly banned and unbanned without explanation. Streamers and high-profile accounts were hit alongside regular players.
Within hours, Ubisoft shut down all Rainbow Six Siege servers globally—across PC, PlayStation, and Xbox—along with the in-game marketplace.
What We Know: The Breach Timeline
- December 26, late evening (EST): Players began reporting unusual activity—billions in currency appearing in accounts.
- December 27, 9:10 AM EST: Ubisoft's official Rainbow Six Siege X account acknowledged the incident: "We're aware of an incident currently affecting Rainbow Six Siege. Our teams are working on a resolution."
- ~30 minutes later: Ubisoft intentionally shut down all servers and the marketplace: "Siege and the Marketplace have been intentionally shut down while the team focuses on resolving the issue."
- December 27, afternoon: Ubisoft issued a more detailed statement confirming that a rollback of all transactions since 11:00 AM UTC is underway, that no players will be banned for spending credits they received, and that the ban ticker was disabled in a previous update.
- December 28, current status: Servers remain offline with no ETA for restoration.
The Scale: $13.3 Million in Virtual Currency
Based on Ubisoft's official pricing, 15,000 R6 Credits cost $99.99. With approximately 2 billion credits distributed to affected players, that translates to roughly $13.33 million worth of premium currency given out during the breach.
R6 Credits are purchased with real money and used to buy cosmetics, operators, and battle passes. The sudden injection of billions in currency into thousands of accounts effectively collapsed the game's economy.
What Attackers Could Do
According to player reports and screenshots shared on social media, the breach allowed hackers to:
- Grant billions in R6 Credits and Renown to any account
- Unlock every cosmetic item in the game, including developer-only skins
- Manipulate the ban ticker to display fake or taunting messages
- Randomly ban and unban players without authorization
- Access and manipulate accounts, including streamer and potentially official Ubisoft profiles
The attackers essentially had backend-level access to Rainbow Six Siege's live service systems.
The MongoBleed Connection: Unconfirmed
Security research group VX-Underground reported that threat actors claimed to have breached Ubisoft's servers using a recently disclosed MongoDB vulnerability dubbed "MongoBleed" (CVE-2025-14847). The flaw allows unauthenticated remote attackers to leak memory from exposed MongoDB instances, potentially exposing credentials and authentication keys. A public proof-of-concept exploit has already been released.
VX-Underground also reported claims from multiple hacker groups:
- One group claimed to have exploited a Rainbow Six Siege service to manipulate bans and inventory without accessing user data
- A second group allegedly used MongoBleed to access Ubisoft's internal Git repositories, claiming to steal source code dating from the 1990s to present
- A third group disputed these claims
- A fourth group stated the second group had access to source code for a while
BleepingComputer noted: "We have not been able to independently verify any of these claims, including whether MongoBleed was exploited, whether internal source code was accessed, or whether customer data was stolen. At this time, we only know that Ubisoft has confirmed the in-game abuse in Rainbow Six Siege."
Ubisoft has not confirmed the attack vector, has not responded to media requests for clarification, and has not released a formal security statement.
My opinion: The lack of transparency here is frustrating. Players deserve to know whether this was a MongoDB exploit, whether source code was stolen, and whether any personal data was compromised. Ubisoft's silence on the technical details—while understandable from a security standpoint—leaves players guessing about the scope of the breach.
Player Response: Stay Offline, Don't Spend
Prominent Rainbow Six Siege content creator KingGeorge warned players on X:
"Btw as a side note I would not login right now, definitely don't spend any credits or renown could lead to a ban."
Cybersecurity outlet ZeroSecurity issued similar advice:
- Do not log in until Ubisoft confirms services are stable
- Do not spend any injected credits—spending may flag your account during cleanup
- Watch official channels for updates
While Ubisoft has since confirmed no bans will be issued, the advice to stay offline remains valid until servers are fully restored.
The Rollback: What Players Can Expect
Ubisoft's official statement on the rollback:
"A rollback of all transactions that occurred since 11 AM (UTC time) is underway. A rollback is currently ongoing and afterwards, extensive quality control tests will be executed to ensure the integrity of accounts and effectiveness of changes."
What this means:
- Any purchases, unlocks, or progression made since 11:00 AM UTC on December 27 will be reversed
- Players who spent injected credits will have those transactions undone
- Legitimate purchases or progression during that window will also be rolled back
The community's concern: Innocent players who happened to play during the breach window and made legitimate purchases or progression will lose that activity. While necessary to clean up the mess, it's an unfortunate consequence of the breach timing.
The Bigger Context: Ubisoft's Rough Year
This breach comes during a particularly difficult period for Ubisoft:
- The company overhauled Rainbow Six Siege in June 2025, rebranding it as "Rainbow Six Siege X" and transitioning to free-to-play
- Rainbow Six, Assassin's Creed, and Far Cry were spun off into a separate Ubisoft subsidiary with Tencent investment
- Ubisoft delayed earnings calls and suspended stock trading in November 2025, raising investor concerns
- Multiple game cancellations and delays throughout 2025
The reputational damage from this breach adds to an already challenging year.
My take: The timing couldn't be worse. Ubisoft just relaunched Rainbow Six Siege as a free-to-play title six months ago, trying to breathe new life into the decade-old game. A security breach of this magnitude—where hackers had near-total control of backend systems—undermines player trust right when Ubisoft needed to rebuild it.
Historical Context: Rainbow Six Siege's Security Track Record
Rainbow Six Siege has faced security and exploit issues throughout its decade-long lifespan, though nothing approaching this scale.
Previous Rainbow Six Siege incidents:
- 2015-2016: Rampant cheating and hacking issues at launch led to multiple anti-cheat system overhauls
- 2018: Exploits allowing players to clip through walls and ceilings
- 2020: DDoS attacks targeting ranked matches to force wins
- 2022-2023: Multiple item duplication glitches affecting the in-game economy
- 2024: Ongoing battle with cheat developers selling ESP and aimbot tools
But as Tom's Hardware noted, this 2025 breach is fundamentally different:
"Those attacks weren't as brazen as the ones we've seen today, with the people behind them giving away billions of credits and skins, as well as trolling the ban service as if they're taunting Ubisoft with the amount of control they have."
Previous incidents were player-side exploits or cheats. This breach gave attackers backend-level access to Ubisoft's live systems—allowing them to manipulate accounts, currency, and bans in real time. That's unprecedented for Rainbow Six Siege.
What Happens Next
Ubisoft faces several challenges:
- Technical: Servers remain offline with no ETA. The rollback and "extensive quality control tests" suggest this isn't a quick fix.
- Economic: How do you restore an in-game economy after injecting $13 million in virtual currency? Even with a rollback, player perception of currency value may be damaged.
- Trust: Players need to believe their accounts are secure. Without a clear explanation of how the breach occurred and what's been fixed, that trust is hard to rebuild.
- Legal: Depending on jurisdiction and whether personal data was accessed, Ubisoft may face regulatory scrutiny and potential fines.
Tom's Hardware forum user JoeGonsales summed it up:
"The technical and reputational damage here is immense. Even after a fix, how do you restore trust? A rollback will anger those who got (and spent) free stuff. Not rolling back destroys the game's economy. A no-win scenario."
Another user responded:
"Ah in fairness, no one is going to be actually annoyed at a rollback. Those who got 27 bajillion in game currency definitely expect it's going away. A rollback is a straightforward win for everyone. The reputational, technical and (probable) fines stemming from the breach will be the bigger issue."
My opinion: The second commenter is right—the rollback is the easy part. Nobody legitimately believes they'll keep 2 billion credits. The harder part is convincing players that Ubisoft has fixed whatever vulnerability allowed hackers backend-level access to live systems. Until Ubisoft explains what happened and what they've done to prevent it, players will be justifiably nervous about logging back in.
The Bottom Line
This is one of the most significant live-service gaming breaches in recent memory—not because of data theft (which hasn't been confirmed), but because of the sheer level of control attackers had over a live game's backend systems.
Giving away billions in premium currency is one thing. Hijacking the ban system to broadcast messages while Ubisoft watched helplessly? That's a level of compromise that raises serious questions about security architecture.
For players: Stay offline until Ubisoft provides an all-clear and explains what happened. When servers come back online, expect a rollback of December 27 activity. Your account should be safe, but vigilance is warranted.
For Ubisoft: This needs a full post-mortem. Players deserve transparency about how this happened, what data (if any) was compromised, and what's been done to prevent recurrence.
Rainbow Six Siege has been a pillar of Ubisoft's live-service portfolio for a decade. This breach won't kill the game—but how Ubisoft handles the aftermath will determine whether players continue trusting them with their time, money, and data.
Sources: BleepingComputer, Rainbow Six Siege official X account, STG Play, Dexerto, Tom's Hardware, NotebookCheck, SiliconANGLE, The Sixth Axis, ZeroSecurity, VX-Underground, VGChartz, X/Twitter (KingGeorge, community responses)