Video game publisher Ubisoft Entertainment SA has been forced to take its popular multiplayer game “Tom Clancy’s Rainbow Six Siege” offline following a breach that manipulated core gameplay systems and injected massive amounts of value into player accounts.

Players logging into the game on Dec. 27 were greeted by billions of additional game credits. According to Bleeping Computer, about 2 billion in R6 game credits were granted to players, with a rough value of $13.33 million.

Along with flooding the game with in-game currency, the attackers also manipulated R6’s ban and moderation systems, randomly banning and unbanning players and even broadcasting taunting or cryptic messages through administrative feeds.

Given the size of the breach and potential losses, Ubisoft then made an unprecedented decision to shut down all “Rainbow Six Siege” servers globally, including the in-game marketplace and associated services.

“A rollback is currently ongoing and afterwards, extensive quality control tests will be executed to ensure the integrity of accounts and effectiveness of changes,” a post on the Rainbow Six Siege X account on Sunday reads. “The team is focused on getting players back into the game as quickly as possible. Please know that this matter is being handled with extreme care and therefore, timing cannot be guaranteed. We will provide another update as soon as we know more.”

Initial analysis suggests the breach may stem from deeper vulnerabilities in Ubisoft’s backend infrastructure, possibly linked to exploitable database flaws that allowed attackers administrative control.

“This type of breach indicates serious backend vulnerabilities,” William Fieldhouse, director of penetrating testing services company Aardwolf Security Ltd., wrote in a blog post. “When attackers can arbitrarily modify player currencies, inventories and account statuses, they’ve essentially gained administrative access to core database functions. The inconsistent application of changes suggests either automated exploitation or multiple attack vectors being tested simultaneously.”

Aardwolf Security also suggested that the attack vector likely exploited application programming interface endpoints that lacked proper authentication or authorization checks.

Though the exact details of how the breach took place are not confirmed, in the meantime, hundreds of thousands of R6 players remained locked out of the game. The breach will also be a wake-up call for the gaming industry in that even long-established titles are not immune to sophisticated attacks.

Image: SiliconANGLE/Ideogram

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.

About SiliconANGLE Media

SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.