Ubisoft is dealing with one of the most severe security incidents in recent gaming history. On December 27, 2024, hackers compromised Rainbow Six Siege servers, forcing the company to take the entire game offline. What started as players receiving billions of free in-game credits has snowballed into reports of massive data theft affecting decades of Ubisoft’s internal files.

What Happened With Rainbow Six Siege
Players logged into Rainbow Six Siege on December 27 to find something incredibly strange. Their accounts were flooded with astronomical amounts of R6 Credits, Renown, and Alpha Packs, worth potentially trillions of dollars in real-world value. Hackers had gained control of Ubisoft’s internal systems and were manipulating player accounts, currencies, and even the game’s ban system.
The attackers didn’t stop at giving away free currency. They weaponized the anti-cheat ban system to target high-profile accounts, including Ubisoft administrators and prominent streamers. Cryptic messages reading “What else are they hiding from us?” appeared through sequential bot account bans, turning the ban notification system into an unconventional communication channel.
Ubisoft acknowledged the incident at 9:10 AM EST on December 27 via Twitter, stating their teams were working on a resolution. Within 30 minutes, they made the unprecedented decision to shut down all Rainbow Six Siege servers across PC, PlayStation, and Xbox platforms. The marketplace was taken offline completely. As of December 28, 2024, the servers remain down with no confirmed restoration date.
The MongoBleed Vulnerability Explained
Initial reports suggested hackers exploited a critical MongoDB vulnerability called “MongoBleed” (CVE-2025-14847) to breach Ubisoft’s infrastructure. This security flaw allows unauthenticated remote attackers to leak memory from exposed MongoDB instances, potentially exposing credentials, authentication keys, and other sensitive data.
MongoBleed has a CVSS severity score of 8.7 out of 10, making it a high-priority threat. The vulnerability affects MongoDB servers with zlib compression enabled and requires no authentication to exploit. A public proof-of-concept exploit has been released, and security researchers confirmed approximately 87,000 MongoDB instances are currently exposed online.
However, security research group VX-Underground later clarified that the MongoBleed connection was partially fabricated. While one hacker group did use the vulnerability, another group lied about using MongoBleed to cover how they actually obtained Ubisoft’s source code, which they had possessed for some time before the December incident.
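
The two conditions the section names for MongoBleed, zlib compression enabled and an instance reachable from outside, can both be read from a server's configuration file. The following audit sketch is an added example, not code from Ubisoft, MongoDB or the researchers cited; the sample configs are constructed, and it assumes the standard `net.compression.compressors`, `net.bindIp` and `net.bindIpAll` settings of `mongod.conf`.

```python
import ipaddress

# Constructed sample configs for illustration; not from any real deployment.
EXPOSED = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n  compression:\n    compressors: snappy,zlib\n"
HARDENED = "net:\n  bindIp: 127.0.0.1,10.0.0.5\n  compression:\n    compressors: snappy,zstd\n"
# Documented mongod default when net.compression.compressors is absent (4.2+).
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

def flatten(conf_text):
    """Flatten simple nested 'key: value' YAML into {'net.bindIp': '0.0.0.0', ...}."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent mapping
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            flat[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return flat

def is_exposed(addr):
    """True for wildcard (0.0.0.0, ::) or publicly routable bind addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostname or socket path: cannot be judged from the file alone
    return ip.is_unspecified or ip.is_global

def audit(conf_text):
    """Return findings for the preconditions described in the text above."""
    cfg = flatten(conf_text)
    findings = []
    comps = cfg.get("net.compression.compressors", DEFAULT_COMPRESSORS)
    if "zlib" in [c.strip().lower() for c in comps.split(",")]:
        findings.append("zlib network compression enabled")
    binds = cfg.get("net.bindIp", "127.0.0.1").split(",")
    if cfg.get("net.bindIpAll", "false").lower() == "true":
        binds.append("0.0.0.0")
    findings += [f"listens on wildcard or public address {b.strip()}"
                 for b in binds if is_exposed(b.strip())]
    return findings

if __name__ == "__main__":
    print(audit(EXPOSED), audit(HARDENED))
```

A config that omits the compressors key is still flagged, because the default list includes zlib.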

Multiple Hacker Groups Involved
The situation became more complex as investigators discovered at least three separate hacker groups targeted Ubisoft simultaneously, each with different objectives and methods.
Group One orchestrated the visible Rainbow Six Siege attack, manipulating in-game currencies and the ban system. They gained administrative access to core database functions, allowing them to arbitrarily modify player inventories and account statuses. According to VX-Underground, this group did not access player personal information.
Group Two claimed they exploited MongoBleed to steal Ubisoft source code spanning from the 1990s to present day. VX-Underground confirmed they possess genuine Ubisoft internal source code but determined their MongoBleed claims were false. They had access to this data previously and used the December chaos as cover to release it publicly.
Group Three claimed unauthorized access to user databases and attempted extortion via Telegram, demanding cryptocurrency payments. Security researchers deemed their claims largely fake and assessed them as opportunistic actors trying to capitalize on the legitimate breaches.
| Hacker Group | Target | Verified Status |
|---|---|---|
| Group 1 | Rainbow Six Siege servers, in-game systems | Confirmed genuine |
| Group 2 | Source code (900GB claimed) | Have source code, lied about method |
| Group 3 | User databases, extortion attempt | Claims deemed fake |
The Source Code Leak Claims
Unverified reports suggest hackers accessed approximately 900GB of internal Ubisoft data including source code, software development kits, multiplayer infrastructure, and development assets. This allegedly includes materials from games dating back to the 1990s through current titles in development.
One threat actor reportedly had access to Ubisoft’s Teams, Confluence, and SharePoint platforms for 48 hours before their access was terminated. While they intended to extract the full 900GB of data, it remains uncertain how much information was successfully exfiltrated before the connection was severed.
If verified, this would represent one of the largest source code leaks in gaming industry history. Previous major incidents include the CD Projekt Red hack in February 2021 (affecting Cyberpunk 2077, The Witcher 3, and Gwent) and the Rockstar Games leak in September 2022 (exposing GTA 6 footage and internal files).

Ubisoft’s Response And Rollback Plans
Ubisoft confirmed they are implementing a comprehensive data rollback to restore all player accounts to their pre-incident states. While this will eliminate the fraudulent currency and items, it also means legitimate progress made during the affected timeframe will be lost.
The company stated no players will be banned for receiving or spending the illicit credits, recognizing that players had no control over the situation. They also clarified that the ban ticker messages were not from Ubisoft, as that feature had been disabled in a previous update.
Security experts at Aardwolf Security analyzed the breach and stated it indicates serious backend vulnerabilities. When attackers can arbitrarily modify player currencies, inventories, and account statuses, they have essentially gained administrative access to core database functions. The attack likely exploited API endpoints that lacked proper authentication or authorization checks.
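
The class of weakness the analysts describe, an endpoint that changes balances without checking who is calling, is shown below beside a hardened handler. This is an added example, not Ubisoft's code; the token format, the `economy-admin` role name, the `MAX_GRANT` ceiling and all account names are hypothetical.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # placeholder secret, constructed for this example
BALANCES = {"player-1": 600}          # constructed sample data
AUDIT_LOG = []
MAX_GRANT = 10_000                    # hypothetical per-request ceiling

def _mac(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def sign(account, role):
    """Issue a session token binding account and role to a server-side MAC."""
    return f"{account}|{role}|{_mac(f'{account}|{role}')}"

def verify(token):
    """Return (account, role) if the MAC checks out, else None."""
    try:
        account, role, mac = token.split("|")
    except (ValueError, AttributeError):
        return None
    ok = hmac.compare_digest(mac.encode(), _mac(f"{account}|{role}").encode())
    return (account, role) if ok else None

def grant_credits_unchecked(request):
    """The weakness: the handler trusts whatever target and amount the caller sends."""
    target = request["target"]
    BALANCES[target] = BALANCES.get(target, 0) + request["amount"]
    return 200

def grant_credits(request):
    """Same operation with authentication, authorization, bounds and an audit trail."""
    caller = verify(request.get("token"))
    if caller is None:
        return 401                    # not authenticated
    account, role = caller
    if role != "economy-admin":
        return 403                    # authenticated but not authorized
    amount = request.get("amount")
    if type(amount) is not int or not 0 < amount <= MAX_GRANT:
        return 422                    # out-of-range grant rejected
    target = request.get("target")
    if target not in BALANCES:
        return 404
    BALANCES[target] += amount
    AUDIT_LOG.append((account, target, amount))  # who granted what to whom
    return 200
```
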
What Players Should Do Now
While Ubisoft has not confirmed whether player personal information was compromised, security experts strongly recommend taking precautionary measures. Anyone with a Ubisoft account, especially those linked to Rainbow Six Siege, should change their passwords immediately.
Players should avoid logging into Ubisoft Connect until the company verifies server integrity and provides an official all-clear. The Rainbow Six Siege status page currently shows an unplanned outage across all platforms with no estimated time for restoration.
Monitor your connected payment methods and bank accounts for any suspicious activity. While there is no confirmed evidence of financial data theft, the scope of the breach remains under investigation. Enable two-factor authentication on your Ubisoft account if you haven’t already done so.
Impact On The Gaming Industry
This incident serves as a wake-up call that even long-established games from major publishers are not immune to sophisticated cyberattacks. Rainbow Six Siege, approaching its ninth birthday, remains one of the most popular competitive multiplayer games and a reliable revenue source for Ubisoft.
The breach occurred during a critical time for Ubisoft, which has faced business challenges including underperforming new releases like Star Wars Outlaws and XDefiant. The company recently dealt with controversy over The Crew lawsuit, where they argued players don’t actually own the games they purchase, only a limited license to access them.
Hundreds of thousands of Rainbow Six Siege players have been locked out of the game for over 24 hours, with mounting frustration over vague updates and no clear restoration timeline. The extended downtime during a holiday weekend has amplified community discontent.
FAQs
When will Rainbow Six Siege be back online?
Ubisoft has not provided a specific estimated time for restoration as of December 28, 2024. The company stated the rollback is being handled with extreme care and quality control testing, but servers remain offline indefinitely across all platforms including PC, PlayStation, and Xbox.
Was player personal information stolen in the Ubisoft breach?
Ubisoft has not confirmed whether player personal data was compromised. According to security researchers, Group 1, which attacked Rainbow Six Siege, reportedly did not access user data. However, Group 2’s source code claims and the full extent of data exposure remain under investigation.
Will I lose my progress in Rainbow Six Siege?
Yes, Ubisoft is implementing a complete rollback to restore all accounts to their state before 11:00 AM UTC on December 27, 2024. Any legitimate progress, purchases, or achievements made after that timestamp will be lost. However, you won’t be banned for receiving or spending the fraudulent currency.
What is MongoBleed and how does it work?
MongoBleed (CVE-2025-14847) is a critical vulnerability in MongoDB that allows unauthenticated attackers to extract fragments of uninitialized server memory when zlib compression is enabled. It requires no credentials and can expose sensitive data like passwords, authentication keys, and application secrets. However, VX-Underground confirmed that claims about MongoBleed being the sole attack vector were partially false.
Should I change my Ubisoft password?
Yes, security experts strongly recommend changing your Ubisoft password as a precautionary measure, especially if your account is linked to Rainbow Six Siege. Enable two-factor authentication if you haven’t already, and monitor your connected payment methods for suspicious activity.
How much source code was stolen from Ubisoft?
Unconfirmed reports suggest approximately 900GB of data including source code, development tools, and assets dating from the 1990s to present day may have been accessed. VX-Underground confirmed that at least one hacker group does possess genuine Ubisoft source code, though the full extent remains unverified.
Has Ubisoft been hacked before?
Yes, Ubisoft experienced a cybersecurity incident in March 2022 that caused temporary disruption to games, systems, and services. The company implemented a company-wide password reset at that time but stated there was no evidence of player personal information being accessed. They also had Watch Dogs Legion source code leaked in November 2020.
What games are affected by this breach?
Rainbow Six Siege is the only game currently offline due to the breach. However, if the source code theft claims are accurate, internal development files for multiple past and future Ubisoft titles may have been compromised, potentially affecting games from the 1990s through current projects in development.
Conclusion
The Ubisoft breach represents a multifaceted security crisis involving simultaneous attacks from multiple hacker groups with different objectives and methods. While Rainbow Six Siege players face frustrating downtime and lost progress, the potentially larger concern is the unconfirmed source code theft that could impact Ubisoft’s entire development pipeline. As investigations continue, the gaming community awaits official confirmation about the full scope of compromised data. This incident underscores the critical importance of robust cybersecurity measures in an industry increasingly targeted by sophisticated threat actors. Players should remain vigilant, take recommended security precautions, and monitor official Ubisoft channels for updates on server restoration and any confirmed data exposure.