On December 27–28, 2025, Ubisoft’s popular online shooter TomClancy’s Rainbow Six Siege experienced a major security breach that disrupted game operations and exposed serious vulnerabilities in its backend infrastructure. Reports emerged that unknown threat actors had gained unauthorized access to internal systems, allowing them to manipulate game mechanics and player accounts in unprecedented ways. This incident was confirmed by Ubisoft through its official Rainbow Six Siege X account, which acknowledged an ongoing issue affecting the game and the need for investigation and remediation.

Once the breach was underway, attackers abused internal tools to perform a wide range of disruptive actions. Players worldwide reported that every account logged in during the attack window was credited with an enormous amount of in-game currency, with most seeing roughly 2 billion R6 Credits and Renown suddenly added to their inventories. These credits are a premium currency normally bought with real money, and at typical pricing (15,000credits for $99.99) the unauthorized distribution was valued at roughly $13.3million in virtual goods. In addition to currency inflation, attackers reportedly unlocked all cosmetic items, including ultra-rare and developer-only skins, and manipulated game moderation feeds, showing fake ban messages and issuing bans or unbans arbitrarily across player accounts.

In response to the chaos, Ubisoft took decisive action to contain the situation. The company shut down Rainbow Six Siege across all platforms—including PC, PlayStation, and Xbox—and disabled the in-game marketplace to prevent further exploitation of the game’s economy and to halt additional unauthorized credits or item transfers. Officials also clarified that players would not be penalized simply for having or using the illegitimate credits, but that all transactions made during the breach window (specifically since 11:00 AM UTC on December 27) would be rolled back as part of recovery efforts to restore account and economic integrity.

While Ubisoft focused on stabilizing its services, broader community reporting and security analysts raised concerns about how the breach occurred and what vulnerabilities were exploited. Some cybersecurity sources linked the incident to a recently disclosed MongoDB memory-leak flaw dubbed “MongoBleed” (CVE-2025-14847), which could allow unauthenticated attackers to extract internal credentials and tokens from exposed database instances. Reports from threat intelligence groups suggested that multiple attacker groups may have been involved, potentially abusing these weaknesses to manipulate internal Git repositories or even attempt extortion, though these additional claims remain unverified publicly.

‍