Ubisoft has reportedly been affected by a significant data breach. While the company has not officially confirmed the identity of those responsible, rumors suggest the attack was carried out via MongoDB using a security exploit known as “MongoBleed.” The breach allegedly targeted Rainbow Six Siege and its backend systems on December 27. Following the incident, players reported widespread bans and unbans, while others claimed to have received billions of R6 Credits and Renown, as well as access to developer-only skins and Glacier cosmetics. In response, Ubisoft took all Rainbow Six Siege servers offline and advised players to remain offline to avoid potential issues related to the breach.
➡️ Nobody will be banned for spending credits received. A rollback of all transactions that occurred since 11 AM (UTC time) is underway.
➡️ The ban ticker was turned off in a past update. Any messages seen were not triggered by us.
➡️ An official R6 ShieldGuard ban wave did… https://t.co/zbPYDJQa3O
— Rainbow Six Siege X (@Rainbow6Game) December 27, 2025
Ubisoft has suffered a major breach: hackers exfiltrated terabytes of internal source code repositories covering nearly all games, tools, SDKs, and services from the 1990s to current projects.
The attack exploited a MongoDB vulnerability and coincided with the Rainbow Six Siege… pic.twitter.com/gJL52hfnKF
— Pirat_Nation 🔴 (@Pirat_Nation) December 28, 2025
Additional rumors claim that the Rainbow Six Siege incident may have been used as a smokescreen to distract the company while hackers allegedly stole source code for nearly every Ubisoft title ever developed. These reports further allege that more than 900GB of data was extracted, encompassing games, tools, SDKs, and services dating back to the 1990s, as well as current and unannounced future projects.
Ubisoft has since issued official statements acknowledging the impact of the incident. The company stated that players will not be banned for spending any credits received as a result of the breach, as a rollback of all transactions made since 11:00 AM UTC is currently underway. Ubisoft also clarified that the ban ticker had been disabled in a previous update and that any related messages were not triggered by the company. Additionally, it confirmed that a Rainbow Six Siege ShieldGuard ban wave did occur, but stressed that it is unrelated to this incident.
If confirmed in full, this would represent one of the largest security breaches in gaming history, particularly notable for being one of the rare cases in which a major hack has forced a live-service game to be taken offline.
Stay tuned at Gaming Instincts via Twitter, YouTube, Instagram, TikTok, and Facebook for more gaming news.
