Rainbow Six breach grants players 2 billion R6 credits

• Key takeaways: • Attackers abused internal Rainbow Six Siege systems to ban/unban players, show fake ban messages, and add roughly 2 billion R6 Credits and Renown. • All cosmetics — including developer-only skins — were unlocked; the credits are valued at about $13.3M based on Ubisoft pricing. • Ubisoft intentionally shut down Siege and the in-game Marketplace, said players won't be punished for spending the credits, and will roll back transactions since 11:00 UTC.

What happened

Ubisoft's Rainbow Six Siege experienced a significant in-game incident that allowed attackers to manipulate internal systems. Players reported receiving mass grants of R6 Credits and Renown, seeing fake ban messages on the ban ticker, and finding every cosmetic unlocked on affected accounts.

Multiple screenshots and player reports surfaced on social media, and the official Rainbow Six Siege X account confirmed Ubisoft was investigating the issue and working to resolve it.

Extent of the abuse

According to reports, attackers were able to ban and unban players, inject false ban messages into the game's ban ticker, and credit accounts with approximately 2 billion R6 Credits and an equivalent amount of Renown. R6 Credits are a paid currency; at Ubisoft's store pricing (15,000 credits = $99.99), 2 billion credits translates to roughly $13.33 million of in-game value.

Players also reported that every cosmetic item — including developer-only skins — was unlocked on affected accounts.

Ubisoft's immediate response

Ubisoft intentionally shut down Rainbow Six Siege and disabled the in-game Marketplace while teams investigated. A company update said players would not be punished for spending the granted credits, but Ubisoft will roll back all transactions made since 11:00 AM UTC.

Ubisoft also clarified it did not generate the fake ban ticker messages and noted the ticker had been disabled. As of the latest company posts, servers remain offline while remediation continues, and Ubisoft had not released a detailed postmortem at the time of reporting.

Claims of a larger infrastructure breach

Security researchers and third parties have circulated unverified claims that Ubisoft's broader infrastructure may have been compromised. VX-Underground reported threat actors claiming to have exploited a MongoDB vulnerability dubbed "MongoBleed" (tracked as CVE-2025-14847) that can leak memory from exposed MongoDB instances.

Those claims allege multiple groups targeted Ubisoft — some saying they manipulated in-game systems, others claiming access to internal Git repositories and large archives of source code, and still others claiming to have exfiltrated user data and attempted extortion. None of these broader claims have been independently verified.

What players should do

Players should monitor official Ubisoft channels for updates, avoid sharing personal account credentials, and expect transaction rollbacks from Ubisoft. If you notice account anomalies, contact Ubisoft support and consider enabling any available account protections.

This story will be updated if Ubisoft publishes a formal statement or if independent verification of the wider claims emerges.