Rainbow Six Siege Servers Offline After Massive Breach Floods Accounts with Billions of R6 Credits

An internal system failure allowed large-scale abuse of moderation and economy features before Ubisoft intervened.

Internal tools reportedly abused

Rainbow Six Siege players began reporting widespread irregularities affecting the game’s core systems over the weekend. Screenshots and videos circulating online showed accounts being banned and unbanned at will, unusual messages appearing in moderation feeds, and inventories suddenly filling with content that would normally require years or significant spending to obtain.

The most striking impact was economic. Players worldwide reportedly received roughly two billion R6 Credits and Renown, alongside access to every cosmetic item in the game, including assets typically reserved for developers. Because R6 Credits are sold for real money, the sudden influx severely distorted the game’s virtual economy.

Ubisoft confirms issue, takes game servers offline

Ubisoft acknowledged the situation publicly on Saturday morning, stating that it was aware of an issue affecting Rainbow Six Siege and that remediation efforts were underway. Shortly after, the company shut down both the game and its in-game Marketplace to prevent further abuse.

In a subsequent update, Ubisoft eased some worries by clarifying that players would face no penalties for using the improperly granted currency. However, the publisher said it would roll back all transactions conducted after a specific cutoff time, effectively reversing purchases and changes made during the incident window.

Rollbacks planned

The company also addressed concerns around moderation messaging, noting that the ban ticker messages seen by players were not generated by Ubisoft and that the feature had already been disabled. Despite these clarifications, Ubisoft has yet to release a detailed explanation of how threat actors gained the level of access required to manipulate internal systems.

That lack of transparency has fueled speculation within the security community. Ubisoft has not publicly confirmed whether the incident stemmed from a vulnerability, misconfiguration or compromised credentials, leaving the root cause unresolved.

Claims of a bigger incident

Beyond the confirmed in-game abuse, unverified claims suggest a potentially larger compromise of Ubisoft’s infrastructure. Some threat actors allege that a recently disclosed MongoDB vulnerability was used to access internal systems, source code repositories or even user data, although these allegations remain unproven.

Currently, no publicly available evidence supports claims of stolen customer data or source code. For now, the only confirmed incident remains confined to Rainbow Six Siege’s internal systems, with further details pending any formal disclosure from Ubisoft.