Cyber Incident Victim: Ubisoft
Date:
Dec 2025
Location:
France
Summary
Ubisoft reported that attackers infiltrated its tactical shooter, gaining control of core functions and distributing large amounts of in‑game currency and cosmetic items to players. The breach triggered widespread outages affecting authentication, matchmaking and the marketplace, prompting the company to take the servers offline. While services were later restored, the marketplace remained offline and a rollback of unauthorized items was initiated. Investigations into the incident continued, with the company stating that no personal data such as passwords or payment details had been accessed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Over the weekend of December 27‑28, attackers infiltrated Ubisoft’s Rainbow Six Siege and seized control of core game functions, creating a chaotic free‑for‑all that forced the publisher to take the servers and the associated marketplace offline. The intruders turned ban announcement pop‑ups into a meme ticker that dripped lyrics from “It Wasn’t Me” by Shaggy, took control of player bans and ban reversals, distributed approximately two billion in‑game credits—valued at roughly $13.33 million—and released an equivalent amount of the renown currency, while also unlocking all skins and cosmetic items for every player. Some accounts were banned during the incident, and Ubisoft later stated that players would not be punished for spending the credits the attackers had given them, while engineers began rolling back those unauthorized purchases as part of the recovery effort.
On December 29, Ubisoft announced that the Rainbow Six Siege servers were back online, although the marketplace remained offline despite the completion of the rollback process. The company clarified that players who had not logged in between December 27 and December 29 would see no impact on their inventories, whereas those who had logged in might temporarily lose access to some items. Investigations and corrections were said to continue over the next two weeks, and Ubisoft’s X post noted that teams were working on a resolution with further updates to follow. A separate X post by Taison TV characterized the breach as a “Trojan horse” intended to distract Ubisoft while hackers allegedly stole classified information, to which Ubisoft responded that it had not been able to access customers’ personal data such as passwords or bank details; the same day, Ubisoft also confirmed it would not release a second expansion for Assassin’s Creed Shadows.
A week later, on January 4, 2026, Rainbow Six Siege experienced another wave of service disruptions, with connectivity degraded across all platforms and outages reported for authentication, the in‑game store, and matchmaking. Players received notifications claiming sanctions for large numbers of reports or suspensions for “67 days due to Harassment,” and many were simply booted from the game without explanation. Although the situation was described as less severe than the December 27‑28 outage, the recurrence of issues only a week after the game had been restored suggested that not all vulnerabilities had been addressed. Ubisoft’s earlier statement on X had indicated that investigations and corrections would continue over the following two weeks, but as of this writing no new public statement had been issued by the Rainbow Six or Ubisoft accounts, and Gizmodo had reached out to the company for further details.