Ubisoft has suffered an attack on its Rainbow Six Siege service. The hack allowed the interlopers to ban and unban players at will, modify inventories, and generally screw around with per-player in-game stats.

From initial reports, there were apparently four groups of hackers, all working concurrently, but each to a different goal.

  • The first group of hackers apparently gifted roughly $339,960,000,000,000 worth of in-game currency to players, filled their inventories with all manner of bonus items and ultra-rare player skins that they would normally have had to pay actual real world money for, and other “adjustments”. Ubisoft is doing (or has done by now) a rollback of the database to undo all this damage.
  • A second group, unrelated to the first one, exploited a Ubisoft MongoDB instance using MongoBleed, a database exploit which allowed them at least partial access to an internal Git source code repository. They claim to have exfiltrated a large portion of Ubisoft’s internal source code. They assert that the code dates from the 1990s to the present, including software development kits, multiplayer services, and so forth — essentially, everything Ubisoft has ever written. However, this group has provided no evidence whatever that they actually have any of these materials, and these claims are now cast in doubt.
  • A third group claimed to have compromised Ubisoft and pilfered user data by exploiting MongoDB via MongoBleed, and was trying to extort Ubisoft. This claim has since been walked back.
  • The fourth group contends that the second group is lying about having recently acquired the source code, claiming that the second group has had this access for a long while. However, they also say that the second group is trying to masquerade as the first group to give them a reason to leak the source code. Both the first and fourth groups have expressed frustration about this.

The net takeaway is that, apparently, one hack disrupted the marketplace in Rainbow Six Siege, and bans and unbans were issued apparently at random. The other so-called hacks never truly existed, and were mostly just various hacker groups jockeying for street cred by making false public statements. There was a breach, yes, and a bad one, but the rest of it seems to be just various groups of online miscreants rabbit-kicking each other in online forums.

The game is currently back online, having been restored to service by Ubisoft, though the marketplace is still offline and inaccessible to players.

The devs clarified that those returning to the game right now might experience a wait queue as Rainbow Six Siege’s services ramp back up. Those who connected to the game’s services after December 27th, 19:49 UTC, might lose access to their accounts temporarily as Ubisoft looks to clean up all the extra free goodies that many Siege players received from yesterday’s hack. But, “players who did not log in between December 27th, 10:49 UTC and December 29th should see no changes to their inventory.” The devs report their investigation into this issue will continue over the next two weeks. In a similar vein, the devs also reported that the Rainbow Six Siege marketplace will remain closed until further notice.

The attack is one of the biggest in recent history, owing to the entire game having to be taken offline to stop the attackers.

At the time of writing, Rainbow Six Siege’s playerbase on Steam has completely recovered, reaching an average of 54,000 concurrent players yesterday and 50,000 so far today. These match the game’s average weekly concurrent player spikes of 50,000 to 60,000 players. The game has approximately 70 million registered player accounts. Rainbow Six was originally a novel written by Tom Clancy, and spawned a multi-billion dollar game franchise.

Gene Turnbow

President of Krypton Media Group, Inc., radio personality and station manager of SCIFI.radio. Part writer, part animator, part musician, part illustrator, part programmer, part entrepreneur - all geek.