Massive Rainbow Six Siege Breach Gives Players Billions Of Credits

Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game currency and cosmetic items to accounts worldwide.

According to multiple player reports and in-game screenshots shared online, the attackers were able to:

R6 Credits are a premium in-game currency sold for real money on Ubisoft's store. Based on Ubisoft's pricing, 15,000 R6 Credits cost $99.99, placing the value of 2 billion credits at roughly $13.33 million worth of in-game currency distributed for free.

At 9:10 AM on Saturday, the official Rainbow Six Siege account on X confirmed the incident, stating that Ubisoft was aware of an issue affecting the game and that teams were working to resolve it.

Shortly afterward, Ubisoft intentionally shut down Rainbow Six Siege and its in-game Marketplace, stating they were still working on the issue.

"Siege and the Marketplace have been intentionally shut down while the team focuses on resolving the issue," reads a post on X.

In a final update, Ubisoft clarified that players would not be punished for spending the granted credits, but that it would be rolling back all transactions made since 11:00 AM UTC.

The company also stated that Ubisoft did not generate the messages seen in the ban ticker and that the ticker had been disabled previously.

Ubisoft said it was continuing to work toward fully restoring the game, but the servers remain down at this time.

At this time, Ubisoft has not released a formal statement regarding the incident and has not responded to emails from BleepingComputer requesting details on how the breach occurred.

Source: BleepingComputer