Ethical Hacking News
Ubisoft's Rainbow Six Siege suffers massive breach, with hackers distributing billions of in-game credits and cosmetic items to player accounts worldwide. The breach has left the gaming community reeling, with reports of fake ban messages on the ban ticker and players receiving unprecedented amounts of in-game currency.
Rainbow Six Siege suffered a massive breach that allowed hackers to gain unauthorized access to its internal systems. The breach resulted in the distribution of billions of in-game credits and cosmetic items to player accounts worldwide. The attackers exploited vulnerabilities in R6's system to manipulate moderation feeds, ban and unban players, and grant massive amounts of in-game currency and items without user consent. Ubisoft confirmed the breach and assured players that they would not be punished for spending the granted credits, but rolled back all transactions made since December 27. Rumors emerged of a larger breach within Ubisoft's infrastructure, potentially exploiting the "MongoBleed" vulnerability, with claims of stealing user data and accessing internal source code.
Ubisoft's popular multiplayer game, Rainbow Six Siege (R6), has suffered a massive breach that has left players reeling. The breach, which was discovered on December 27, 2025, allowed hackers to gain unauthorized access to the game's internal systems, resulting in the distribution of billions of in-game credits and cosmetic items to player accounts worldwide.
According to multiple reports from players and in-game screenshots shared online, the attackers were able to exploit vulnerabilities in R6's system to manipulate in-game moderation feeds, ban and unban players, and grant massive amounts of in-game currency and cosmetic items to accounts without user consent. The extent of the breach is staggering, with estimates suggesting that players received approximately 2 billion R6 Credits and Renown, a premium in-game currency.
In response to the incident, Ubisoft issued an official statement confirming the breach and assuring players that they would not be punished for spending the granted credits. However, the company also stated that all transactions made since 11:00 AM UTC on December 27, 2025, would be rolled back. The servers remain down at this time as Ubisoft continues to work towards fully restoring the game.
Rumors have emerged of a larger breach within Ubisoft's infrastructure, with security research group VX-Underground claiming that threat actors exploited a recently disclosed MongoDB vulnerability dubbed "MongoBleed" (CVE-2025-14847) to gain access to Ubisoft's internal systems. Multiple unrelated threat groups are believed to have targeted Ubisoft, with claims of exploiting Rainbow Six Siege services, accessing internal source code, and stealing user data.
The true extent of the breach and the extent of damage caused by the hackers are still unknown, as BleepingComputer was unable to independently verify any of the claims made by VX-Underground. However, the incident highlights the ongoing threat of cyberattacks on online gaming platforms and the importance of robust security measures in place to protect user data.
This breach serves as a reminder that even large and reputable companies such as Ubisoft are not immune to cyber threats. The incident also underscores the need for players to be vigilant when playing online games and to report any suspicious activity to the game developers or authorities.
Ubisoft's Rainbow Six Siege suffers massive breach, with hackers distributing billions of in-game credits and cosmetic items to player accounts worldwide. The breach has left the gaming community reeling, with reports of fake ban messages on the ban ticker and players receiving unprecedented amounts of in-game currency.
Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Massive-Rainbow-Six-Siege-Breach-Billions-of-Credits-at-Stake-ehn.shtml
https://www.bleepingcomputer.com/news/security/massive-rainbow-six-siege-breach-gives-players-billions-of-credits/
https://nvd.nist.gov/vuln/detail/CVE-2025-14847
https://www.cvedetails.com/cve/CVE-2025-14847/
Published: Sat Dec 27 23:50:17 2025 by llama3.2 3B Q4_K_M
