Ubisoft Data Breach Brings Chaos To ‘Tom Clancy’s Rainbow Six Siege’, Stolen Info Reportedly At Center Of Multi-Group Hacker War
After a year filled with one self-inflicted disaster after another, Ubisoft closed out 2025 as the genuine victims to as massive data breach, the events of which have resulted in chaos for both the developer and the specific Tom Clancy’s Rainbow Six Siege community.
Between the bombing of Star Wars Outlaws, their continued mishandling of the Assassin’s Creed Shadows debacle, the backlash to their respective roles in both the creation of Clair Obscur: Expedition 33 and the ongoing legal battle against the Stop Killing Games initiative, and being legally accused of violating EU privacy laws, 2025 was a rough one of their own making for Ubisoft.
And on December 27th, Ubisoft saw their Christmas season go up in flames, as the day saw Tom Clancy’s Rainbow Six Siege falling victim to a widespread hack, the results of which included feeds being filled with a stream of ban announcements for (ostensibly spoofed) accounts whose one-word usernames recited the lyrics to Shaggy’s It Wasn’t Me, widely broadcast cryptic messages suggesting CEO Yves Guillemot’s involvement in the Epstein files, and generous handouts of rare cosmetics and in-game currency to random players.
One streamer, Rasco100, notably found himself on the receiving end of roughly 2.1 billion Credits, a total which would normally cost just shy of $14 million USD to purchase.
Pulling Rainbow Six Siege offline later that day, Ubisoft announced that although no one would be banned for spending any ‘surprise Credits’, they would be initiating a full server roll back in order to try and repair some of the damage done by the hackers, the results of which would reset players’ respective inventories and currency counts to their original levels.
Taking “extreme care” to make sure accounts stayed in their current condition, Ubisoft eventually brought the game back online on December 29th, albeit with the slight ‘work in progress’ note that “A small percentage of players may temporarily lose access to some owned items. Investigations and corrections will continue over the next two weeks.”
Unfortunately for Ubisoft, and more importantly players, it appears that the reality of the situation is both far worse and far harder to undo than the studio’s swift response would suggest.
Speaking to their findings via Twitter/X, the official account for vx-underground, a website dedicated to sharing information on malware and reporting on cybersecurity breaches, explained that rather than a solitary event done by a single group or individual, the Ubisoft hack was instead an insanely twisted spider’s web involving multiple actors moving to achieve their own separate, often mutually exclusive goals:
“THE FIRST GROUP of individuals exploited a Rainbow Six Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They’re probably annoyed. I cannot go into full details at this time how it was achieved.
“A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft’s internal source code. They assert it is data from the 90’s – present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I’ve confirmed this with multiple parties.
A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this.”
But in putting a final twist to the story, when vx-underground was ultimately able to piece together the actual sequence of events, the full-picture would reveal the involvement of a fifth group of players in the Ubisoft hack:
“GROUP ONE – Responsible for the Rainbow Six Siege incident, they gave away $339,000,000,000 worth of in-game currency and caused chaos. They’re now sort of laying low.
“GROUP TWO – Claims to have Ubisoft source code. They claimed it was from MongoBleed. This has been proven to be A LIE. However, they DO have internal things from Ubisoft. They lied how they achieved it (read more, GROUP FIVE)
“GROUP THREE – Has been lying on Telegram claiming to have compromised Ubisoft. They’re using fake data to try to intimidate Ubisoft, and Ubisoft customers, to pay them money. They’re all lying.
“GROUP FOUR – Very critical of GROUP TWO, calls GROUP TWO LIARS. GROUP FOUR says GROUP TWO is trying to bamboozle GROUP ONE
GROUP FIVE – GROUP FIVE appeared today and presented a comprehensive breakdown on the Ubisoft Rainbow Six Siege (and other) conflicts. GROUP FIVE illustrated step by step how all actions were performed. GROUP FIVE unveiled exactly how GROUP TWO managed to get access to Ubisoft internals (with photographic evidence). GROUP FIVE also provided code demonstrating how GROUP ONE did many things as well other things not reported. GROUP FIVE has a big swinging dick and isn’t fucking around. GROUP FIVE is pretty hardcore, not even memeing. They’re very intelligent and calculated in what they say and do. GROUP FIVE (probably) make and sell cheats for Ubisoft soft games and are very talented reverse engineers.
“Ubisoft is well aware of GROUP ONE, GROUP TWO, GROUP FOUR, and GROUP FIVE. GROUP FIVE also provided a comprehensive breakdown on how Ubisoft knows things.
“All of the groups listed, except GROUP THREE, know each other and operate loosely together, in some capacity, it’s basically a hardcore community of gaming Ubisoft nerds.
“GROUP FIVE has promised to do a write-up and technical breakdown at a later time which I can share publicly. However, they will not do it yet because of some stuff happening between GROUP ONE and GROUP TWO.”
At the time of writing on January 4th, Rainbow Six Seige was still under attack from the various hacker groups, with the latest attack unfolding in the form of random players being hit with 67-day-long suspensions, a deliberate reference to the ‘6-7’ meme that continues to plague our world, as well as forced server outages across all platforms.
As of January 6th, there appear to have been no further reports of significant problems – but the year, as they say, is still young.
