Cyber Incident Victim: R6DB
Date: Sep 2017
Location: France
Summary
Hackers compromised an online service providing Rainbow Six Siege player statistics by exploiting an exposed PostgreSQL database following an unplanned migration. The attackers deployed an automated bot to wipe the database and demand ransom, prompting the service to fully reinstall the affected server. While no personal player information was stored or exposed, significant historical gameplay statistics, progression charts, and partial alias records were permanently lost. The service attempted data restoration but confirmed irrecoverable losses spanning approximately a month of alias data and broader historical metrics, requiring gradual re-indexing of player profiles through future user searches.
Description
On September 30, 2017, attackers compromised the R6DB online service, which provided statistical tracking for Rainbow Six Siege players. The breach occurred when an automated bot accessed the service's PostgreSQL database, which had been inadvertently left exposed following an unplanned system migration. Upon gaining access, the attackers executed a destructive operation by wiping the entire database contents. They replaced the deleted data with a ransom note demanding payment for its restoration. R6DB detected the intrusion over the weekend, leading to immediate service disruption. The company publicly confirmed the security incident on October 1, disclosing both the database wipe and ransom demand. Initial forensic analysis indicated no evidence that attackers exfiltrated or retained copies of the data prior to deletion. R6DB emphasized that no personal player information was compromised, as the service exclusively maintained gameplay statistics rather than sensitive user details.

In response to the attack, R6DB initiated containment measures by wiping the affected server and performing a complete operating system reinstallation. Recovery efforts focused on restoring historical gameplay statistics from available backups, though the company confirmed permanent loss of certain datasets. Specifically, all progression charts tracking player performance over time were irrecoverably destroyed, requiring players to rebuild these metrics from scratch. Approximately one month's worth of player alias records was also lost, while older alias data remained partially intact. The service implemented a re-indexing process to gradually reconstruct player profiles through user searches, though this recovery method depended on external triggers rather than systematic restoration. Operational impacts included the permanent erasure of historical gameplay trends and temporary degradation in profile completeness until the re-indexing process could repopulate basic statistics. R6DB did not disclose whether the ransom was paid or if law enforcement agencies were involved in investigating the attack.
