Your holiday gaming session just got complicated. Ubisoft pulled the plug on Rainbow Six Siege this weekend after hackers infiltrated the game's backend systems and unleashed chaos—distributing roughly 2 billion credits to every player, equivalent to about $13.3 million in premium currency if purchased legitimately.
The breach, which began Saturday morning, forced Ubisoft to execute an unprecedented total shutdown across PC, PlayStation, and Xbox platforms. Players logging in found their accounts flooded with impossible amounts of in-game money, ultra-rare developer-only skins, and randomly applied bans that targeted everyone from casual gamers to high-profile streamers.
"You could empty the store a dozen times over," journalist James Lucas told BBC News, highlighting the staggering scale of the attack. The timing couldn't be worse—the holiday period typically brings an influx of new players and revenue from in-game purchases, all of which ground to a halt when Ubisoft disabled the marketplace.
Rollbacks and Recovery
By Sunday evening, Ubisoft confirmed it had completed testing on an update and reopened servers to players, though the marketplace remains closed. The company rolled back all transactions made since 11:00 AM UTC on Saturday, essentially rewinding the clock to before the breach occurred.
In a statement on X, Ubisoft clarified that no players would be banned for spending the illicit credits they received, acknowledging that most had no idea they were caught in a security incident. The company also confirmed that ban messages displayed during the attack were not triggered by Ubisoft, but rather by the hackers who had commandeered the ban ticker system.
The recovery won't be instant. Players may encounter login queues as services ramp back up, and some cosmetic items might temporarily disappear from inventories while Ubisoft continues "investigations and corrections" over the next two weeks.
What Actually Happened?
While Ubisoft hasn't officially labeled the incident a "hack," the evidence points to a significant backend compromise. Hackers were able to manipulate in-game moderation feeds, grant massive amounts of currency and cosmetic items to accounts worldwide, and control the ban system—suggesting they had deep access to Rainbow Six Siege's internal systems.
Multiple hacker groups have claimed responsibility, with some alleging they exploited a MongoDB vulnerability called "MongoBleed" to access Ubisoft's infrastructure. However, these broader claims—including alleged access to unreleased game source code—remain unverified. What's confirmed is the in-game breach that disrupted millions of players' holiday gaming plans.
What Players Should Know
If you're returning to Rainbow Six Siege, here's what to expect:
- Your credits are gone (unless you didn't log in during the breach window)
- The marketplace stays closed until Ubisoft can guarantee security
- Login queues are likely as servers stabilize
- Some cosmetics might be temporarily missing from your inventory
- No bans will be issued for spending the gifted currency
Ubisoft has promised continued updates as it works to fully restore services and investigate how hackers penetrated systems meant to protect one of its most successful franchises.
Gaming's Hacking History
This isn't the first time major game companies have faced devastating security breaches. In 2011, PlayStation Network was taken offline for 24 days after hackers compromised about 70 million accounts. UK regulators fined Sony £250,000, with authorities stating the breach "could have been prevented."
More recently, Rockstar Games fell victim to hackers when early footage of the highly anticipated Grand Theft Auto 6 leaked online. A teenager was eventually sentenced in a UK court over the attack, which exposed one of gaming's most secretive development projects.
Ubisoft itself has been here before—the company suffered a 2013 hack that resulted in user account data being stolen, making this weekend's incident the second major security failure in the publisher's history.