What Happened
- In-Game Disruptions: Attackers flooded nearly every player's account with approximately 2 billion R6 Credits (premium currency typically purchased for real money; 15,000 credits cost ~$100) and unlimited Renown (free in-game currency). This nominally equated to $339 trillion in value across ~30 million active players, though the actual real-world cost was estimated at $13.3 million if bought legitimately.
- Other Abuses: All cosmetic items and ultra-rare developer skins were unlocked for players. Hackers arbitrarily banned/unbanned accounts, hijacked the ban ticker (disabled years ago) to post taunting messages (e.g., "What else are they hiding from us?", Shaggy lyrics), and manipulated inventories.
- Timeline:
  - Dec 27, ~11:00 AM UTC: Hack begins; credits/items distributed.
  - Dec 27, ~1:00 PM UTC: Ubisoft shuts down servers & Marketplace.
  - Dec 27, evening: Announces rollback & no bans for spending credits.
  - Dec 28: Rollback in progress; soft launch tests.
  - Dec 29, early: Full relaunch; queues reported but resolved. Marketplace remains offline.
Ubisoft's Official Response
Via the @Rainbow6Game X account:
- Confirmed an "incident" affecting R6S; teams "working on a resolution."
- No player punishments: "Nobody will be banned for spending credits received."
- Rollback: Reverted all transactions since 11:00 AM UTC Dec 27. Players who didn't log in post-hack see no changes; others may temporarily lose items (fixes promised within 2 weeks).
- Ban Ticker: "Turned off in a past update. Any messages seen were not triggered by us."
- Current Status (as of Dec 29): Servers fully online after soft launch. Marketplace closed "until further notice" for ongoing investigations. Queue/sync issues fixed; monitoring continues.
Ubisoft has not issued a formal press release labeling it a "hack" or detailing the root cause, focusing instead on recovery.
Technical Details & Likely Cause
- MongoBleed Vulnerability (CVE-2025-14847): A critical unauthenticated memory leak in exposed MongoDB instances (via a zlib compression flaw). It allows attackers to extract credentials/keys from server memory without logging in. A PoC exploit was released publicly on GitHub/Reddit on Dec 26, 2025, by researcher Joe Desimone, leading to a surge in scans/exploits.
- Multiple hacker groups claimed involvement (e.g., via Telegram), but details are murky—some focused on R6S chaos, others on extortion.
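For defenders, the MongoBleed bullet names two conditions that can be checked in configuration: a network-exposed instance and zlib compression. The sketch below is an added example, not code from Ubisoft, MongoDB or the PoC author; it assumes the standard mongod.conf keys net.bindIp, net.bindIpAll and net.compression.compressors, a loopback default bind, and a default compressor list that includes zlib.

```python
# Added example: audit mongod.conf text for the two conditions named above.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumption: with no explicit compressor list, mongod offers a default
# list that includes zlib.
DEFAULT_COMPRESSORS = "snappy,zstd,zlib"

def parse_conf(text):
    """Flatten mongod.conf's nested 'key: value' YAML into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            path = [k for _, k in stack] + [key]
            flat[".".join(path)] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return flat

def audit(text):
    """Return findings for one config; an empty list means neither condition holds."""
    conf = parse_conf(text)
    binds = {a.strip() for a in conf.get("net.bindIp", "localhost").split(",")}
    exposed = conf.get("net.bindIpAll", "false").lower() == "true" or not binds <= LOOPBACK
    comp = conf.get("net.compression.compressors", DEFAULT_COMPRESSORS)
    zlib_on = "zlib" in {c.strip().lower() for c in comp.split(",")}
    findings = []
    if exposed:
        findings.append("listener reachable beyond loopback")
    if zlib_on:
        findings.append("zlib network compression offered")
    if exposed and zlib_on:
        findings.append("PRIORITY: matches the exposure profile described above")
    return findings

# Constructed sample configs, not taken from any real deployment.
RISKY = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1\n"
            "  compression:\n    compressors: snappy,zstd\n")

if __name__ == "__main__":
    for name, conf in (("risky", RISKY), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A clean result only reflects the config file; command-line overrides and the server version still need checking against the vendor advisory.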
Rumors of Massive Data Breach
- Claims: 900GB+ of source code (1990s games to unreleased titles like Assassin's Creed/Splinter Cell), terabytes of tools/SDKs, player PII (banking/passwords). Ransom demands issued.
- Reality: Exaggerated for clout. Sources close to the incident confirm no evidence of such leaks—groups retracted claims or provided fakes. Earlier 2025 leaks (e.g., Far Cry "Talisker") were unrelated/known. No source code dumps verified; focus was R6S internals only. Ubisoft aware but silent on broader claims.
Player & Business Impact
- Players: Temporary item losses for some; no permanent bans/cheater waves tied to this (separate ShieldGuard ban wave occurred).
- Ubisoft: Servers down during holidays hurt revenue (Marketplace offline). Stock already low; no direct financial hit confirmed beyond in-game economy reset.
- No Confirmed PII Leak: Focus was game systems, not accounts.
Advice: Change passwords if concerned (standard post-incident). Monitor Ubisoft/R6S updates for item restores. Game is playable now—watch for patches.
This appears isolated to R6S; other Ubisoft titles unaffected. Ongoing probes may reveal more.
Sources
- Insider Gaming coverage and analysis:
- Official Rainbow Six Siege updates on X:
- MongoBleed vulnerability details (CVE-2025-14847):
- Community discussions and timelines on Reddit (r/Rainbow6): https://www.reddit.com/r/Rainbow6/comments/1hm5k2j/megathread_r6_incident_december_2025/
