On a day that began with a simple in‑game glitch, the online multiplayer title Rainbow Six Siege experienced a sudden surge of activity that revealed a serious cybersecurity incident. Ubisoft, the developer and publisher of the game, announced that its servers had been compromised, forcing the company to shut down the game’s online services and marketplace for an investigation. The breach has been described as a multi‑group attack that may have exposed both internal server data and source code that dates back to the 1990s.

Background

Rainbow Six Siege has been a staple of competitive gaming since its release in 2015. Its online community is large and active, and Ubisoft’s servers handle millions of concurrent players worldwide. In December 2025, players reported that their accounts were flooded with an unprecedented amount of in‑game currency, valued at a reported $340 trillion, along with rare developer skins and cosmetic items. The sudden influx of funds caused a spike in in‑game transactions and triggered account bans for several users. These bans were accompanied by log messages that mocked Ubisoft’s leadership, indicating that the attackers had gained deep access to the game’s management services.

Incident Details

The initial disruption appeared as an in‑game glitch, with many players celebrating the unexpected windfall. However, the situation quickly evolved into a more serious security breach. Ubisoft’s technical team identified unauthorized access to its internal systems and took the servers offline to prevent further damage. A subsequent rollback operation removed the illicit credits and cosmetic items from player accounts. Ubisoft confirmed that players would not be penalised for spending the illegal currency, but the company stated that the incident was only the tip of a larger problem.

Company Response

Following the discovery of the breach, Ubisoft shut down the Rainbow Six Siege servers and the associated marketplace. The developer announced a comprehensive investigation into the source of the attack and the extent of the damage. In a public statement, Ubisoft said that it had identified multiple points of compromise and was working to restore services while strengthening its security posture. The company also urged players to change their passwords and temporarily remove payment details from their accounts as a precautionary measure. Ubisoft warned against phishing attempts, advising users to verify the authenticity of any emails claiming to be from “Ubisoft Support.”

Hacker Groups Involved

According to a report from the cybersecurity community Vx-Underground, Ubisoft may have faced a multi‑front attack from up to four distinct hacker groups. The first group focused on disrupting gameplay and distributing the illicit currency. Other groups targeted the company’s core infrastructure. One group reportedly exploited a database vulnerability to gain access to an internal Git repository, from which it stole a large volume of Ubisoft’s source code. The stolen code reportedly spans from the 1990s to the present day and includes software development kits and multiplayer service components critical to Ubisoft’s game library.

A third group claimed to have stolen sensitive user data and threatened to extort the company. The fourth group suggested that the source code breach was not new, arguing that hackers had had long‑term access to Ubisoft’s internal systems and that the high‑profile Siege hack served as a distraction for a broader data leak.

Implications

The incident raises concerns about the security of digital gaming platforms and the protection of intellectual property. The potential exposure of source code from multiple decades could have implications for Ubisoft’s future development and for the broader industry. The breach also highlights the vulnerability of online services to coordinated attacks that combine financial exploitation with infrastructure sabotage.

Player Guidance

In response to the breach, Ubisoft has advised players to remain offline until the servers are fully restored. Players should change their account passwords, remove stored payment methods, and be wary of emails or messages that request personal or financial information. Ubisoft’s investigation will determine whether further action, such as account suspensions or legal measures, is necessary.

Forward Look

Ubisoft has not yet provided a definitive timeline for the return of Rainbow Six Siege services. The company has pledged to publish updates as its investigation concludes. Players and stakeholders can expect official communications from Ubisoft regarding the status of the servers, the extent of the data compromise, and any remedial steps that will be taken to prevent future incidents. The incident underscores the need for ongoing vigilance and robust security practices across the gaming industry.