Rainbow Six Siege Servers Back Online After Massive MongoDB Hack

Rainbow Six Siege is finally back. Sort of.

Ubisoft confirmed servers are live again after a weekend shutdown caused by what appears to be one of the most significant gaming security breaches in recent memory. The tactical shooter went dark on Saturday following a hack that flooded player accounts with billions of in-game credits.

Players logging in now should brace themselves for queues and missing inventory items. The marketplace? Still locked down.

What Actually Happened

Saturday morning started weird. Players worldwide reported finding roughly 2 billion R6 Credits dropped into their accounts without warning. That's about £10 million worth of premium currency per player, based on Ubisoft's standard pricing.

But the credits weren't the only problem.

Rare developer skins appeared in inventories. Account bans triggered randomly. Some bans reversed themselves minutes later. The game's ban ticker displayed messages mocking Ubisoft executives. Players who simply logged in got flagged by automated systems.

Nobody touched anything. Just being online was enough.

Ubisoft initially called it an "incident" and took servers offline within hours. The marketplace followed shortly after. That was two days ago.

The MongoDB Connection

Security researchers quickly pointed fingers at MongoBleed, a vulnerability tracked as CVE-2025-14847. The flaw lets attackers read uninitialized memory from MongoDB databases without authentication.

Think of it like this: someone knocks on your door, you open it, and they peek at everything in your hallway before you've said a word. Except the hallway contains credentials, authentication keys, and possibly source code.

Threat intelligence group VX-Underground reported multiple hacker groups claimed involvement. One group says they exploited Rainbow Six services to manipulate bans and inventory. Another claimed they pivoted from MongoDB into Ubisoft's internal Git repositories, accessing source code dating back to the 1990s. A third group threatened extortion over stolen user data.

A fourth group disputed these claims entirely, suggesting the source code access existed long before this weekend's chaos.

Ubisoft hasn't confirmed any of these claims publicly. The company maintains radio silence on whether this extended beyond the game itself.

What Players Need to Know

Servers reopened Sunday evening UK time. Here's what that means for you:

Expect login queues as services scale back up. If you didn't log in between December 27 at 10:49 UTC and December 29, your inventory should look normal. If you did log in during that window, you might temporarily lose access to owned items. Ubisoft says they'll investigate and correct these cases over the next fortnight.

The marketplace stays closed indefinitely while investigations continue.

Nobody gets banned for spending the fake credits. Ubisoft rolled back all transactions from 6AM EST Saturday onwards. That means purchases, sales, everything. Gone.

The Bigger Picture

Rainbow Six Siege isn't the only victim here. MongoBleed affects MongoDB versions from 3.6.0 onwards. That covers installations dating back to 2017. Censys identified over 87,000 potentially vulnerable MongoDB instances exposed to the internet. Other estimates push that number above 200,000.

A public proof-of-concept exploit became available on December 26. Within hours, security researchers confirmed exploitation in the wild.

MongoDB patched the vulnerability on December 19. Self-hosted instances remain vulnerable until admins apply updates manually. Atlas users received automatic patches. The affected versions span 8.2.0 through 8.2.2, 8.0.0 through 8.0.16, 7.0.0 through 7.0.27, and several legacy releases.

If you're running MongoDB anywhere, patch now. The exploit is trivial to execute.

What Comes Next

Ubisoft promised "investigations and corrections" will continue over the next two weeks. The marketplace reopening depends on those findings. Some players will discover missing cosmetics or items when they log in. Ubisoft says these are flagged for correction.

The company hasn't addressed the broader claims about source code theft or user data compromise. Security researchers urge players to change passwords and remove payment details from Ubisoft accounts as a precaution. Watch for phishing emails claiming to be Ubisoft Support asking for credentials.

Rainbow Six Siege maintains a steady player base and its own esports ecosystem. The game went free-to-play earlier this year following a major overhaul. Ubisoft generates revenue through cosmetic purchases via the now-shuttered marketplace.

This isn't the first time Siege faced security threats. A 2023 cyberattack targeted 900GB of internal data before Ubisoft contained it. That incident didn't compromise player accounts. This one? The jury's still out.

For now, servers are live. Sort of. With queues. And missing items. And a closed marketplace. Welcome back to Rainbow Six Siege.