Ubisoft Rainbow Six Siege servers shut down after multi-group cyberattack
Take action: If you play Rainbow Six Siege or use Ubisoft services, change your Ubisoft password and remove any saved payment methods from your account. Don't click on any emails claiming to be from "Ubisoft Support" asking for passwords or payment info - these are likely phishing attempts exploiting the breach.
Ubisoft experienced a significant security breach that forced the company to shut down Rainbow Six Siege game servers and marketplace after players discovered their accounts flooded with nearly $340 trillion worth of R6 credits, rare developer skins, and exclusive cosmetic items.
What initially appeared to be a bizarre in-game glitch quickly escalated into a cybersecurity incident involving multiple hacker groups and the potential compromise of Ubisoft's internal infrastructure.
The disruption included mysterious account bans accompanied by hijacked log messages mocking Ubisoft's leadership. It seems that attackers have gained access to the game's management services and backend systems.
According to security researchers at Vx-Underground, the incident involves a coordinated multi-front attack by up to four different hacker groups:
- The first group exploited a Rainbow Six Siege service that allowed them to ban players and modify inventories, gifting the massive amount of in-game currency to players without accessing user data.
- A second group, completely unrelated to the first, reportedly exploited a MongoDB instance using the MongoBleed vulnerability, which enabled them to pivot to an internal Git repository and exfiltrate a large portion of Ubisoft's internal source code.
- This group asserts the compromised data spans from the 1990s to present and includes software development kits, multiplayer services, and other critical code. Vx-Underground rates these claims at medium to high confidence, based on confirmation with multiple parties.
- A fourth group has disputed the second group's timeline, asserting that the second group has maintained access to Ubisoft's internal source code for an extended period and is using the high-profile Rainbow Six Siege incident as cover to leak the source code while masquerading as the first group.
The compromised data includes:
- Internal source code dating from the 1990s to present
- Software development kits (SDKs)
- Multiplayer services code critical to Ubisoft's game library
- Sensitive user data (claimed by a third group; specifics not disclosed)
The number of affected individuals has not been disclosed. Ubisoft took the Rainbow Six Siege servers and the in-game marketplace offline to investigate and contain the breach.
The company confirmed that a complete rollback of all transactions made after 11:00 AM UTC is underway and assured players they would not be banned for spending the illegitimate currency they received during the incident.
Ubisoft acknowledged the situation publicly and stated that teams are working on a resolution. The company has not confirmed the full cause of the incident or the complete extent of the data breach, and has not provided a timeline for when servers will be fully restored.
Security experts and content creators are advising Rainbow Six Siege players to remain offline until the issue is completely resolved. As a precautionary measure, users should change their Ubisoft account passwords, temporarily remove payment details from their accounts, and exercise caution with any emails claiming to be from "Ubisoft Support" requesting passwords or payment information.