Cyberattack hits Ubisoft’s Rainbow Six Siege game

Ubisoft has confirmed that its Rainbow Six Siege tactical shooter game's internal systems were compromised in a cyberattack over the weekend, which has allowed threat actors to ban or unban players, show fraudulent ban messages, unlock all in-game cosmetic items, and gift nearly 2 billion R6 Credits and Renown to all players, BleepingComputer reports. R6 and its in-game Marketplace were immediately taken down upon discovery of the breach, with Ubisoft clarifying that players who spent the provided credits would not be penalized but all transactions since 11:00 AM UTC would be overturned. Additional details regarding the incident remain uncertain amid ongoing server restoration efforts. However, Ubisoft's servers were allegedly compromised by two different threat groups through an exploit for the critical MongoBleed vulnerability, tracked as CVE-2025-14847. Another threat operation claimed to have abused R6's service to alter bans and in-game inventory, while another noted that the hacking group that had used MongoBleed to infiltrate Ubisoft's internal Git repositories already had long-term access to the game publisher's source code.