Breach Forces Ubisoft to Take 'Rainbow Six Siege' Offline

Engadget reports on "a widespread breach" of Ubisoft's game Rainbow Six Siege "that left various players with billions of in-game credits, ultra-rare skins of weapons, and banned accounts."

Ubisoft took the game's servers offline early Saturday morning, and as of Sunday night its status page still shows "unplanned outage" on all servers across PC, PlayStation and Xbox: Ubisoft later clarified Saturday afternoon on X that nobody would be banned if they spent their ill-gotten credits, but that a rollback of all transactions starting from Saturday, 6AM ET would soon be underway.
Founded 39 years ago, France-based Ubisoft produces top videogame franchises like Assassin's Creed, with billions in revenue and over 17,097 employees worldwide.

why rollback?

[martin-boundary]

Wouldn't it be a more interesting experiment to give every current player the maximum credits that were "breached in"?

Re:

[gweihir]

Well, while this would certainly rid us of the pest that is Ubisoft, they are not dumb enough to go with "We got hacked, but we do not care about players and hence will do nothing!"

Re:

[DrMrLordX]

It's an f2p game. UBI charges money for those credits and skins.

Re:

[Voyager529]

It's an f2p game. UBI charges money for those credits and skins.

True as that may be, I'm thinking the idea still has merit.

For starters, they aren't making money while it was down. If their plan is to ban the users who received credits and skins in the breach, they can still do that, but also deal with whatever selling/trading happened - do you ban a player who traded skins with someone who got the skin from the hack? Do you not?

But they could deal with the currency influx by increasing the price of the skins/lootboxes/whatever, at least to some extent. Users would be a

Re:

[DrMrLordX]

According to the article in the summary, Ubisoft is rolling back all the illicitly-gained skins and credits. There won't be any duped/hacked assets for people to trade.

If Ubisoft didn't roll back the hack then there would be trillions of dollars worth of assets on accounts which would permanently eliminate those account holders from ever paying microtransactions, and any user not benefitting from the windfall would probably get pissed from being left out. Ubisoft would lose a significant amount of microtr

Re:

[radarskiy]

"Wouldn't it be a more interesting experiment"

It is an uncontrolled experiment, therefore not more interesting.

How pathetic

[gweihir]

I guess they though they could do IT security on the cheap, after all it is a pure const center and never a profit-center. Or so. Or rather the opposite. Morons.

Re:

[gweihir]

Who says they were being cheap in security?

Observable evidence. You may have heard of it, even if you probably do not understand the concept.

Re:

[ArchieBunker]

Post it then.

Re:

[drinkypoo]

Here it is [engadget.com].

Re:

[ArchieBunker]

Mentions nothing about their security practices or budget for security. Just the same tweet saying they were hacked. So I'll ask again for GP, how do you know they were cheap with security?

Re:

[Khyber]

Given their DRM is constantly hacked, I'll go with cheap on security.

Re:

[gweihir]

You seem to be confused about what "observable" means. Or probably you just lack the respective insights and skills.

Re:

[Ol Olsoc]

Who says they were being cheap in security?

Had to undo a mod point, because this is a watershed moment on Slashdot.

Sir! You have achieved something I was wondering if was even possible here on Slashdot. On top of your post, it has Re:How pathetic (Score:-1, Insightful)! I always wondered if such a thing were possible, to sit at -1 for something that is insightful or informative - and there it is.

I was hoping it would be me some day, but Congrats. Should we ever meet, I owe you a beer or whiskey.

Re:

[gweihir]

moderation abuse.

Yep. All "moderation abuse". Absolutely no connection to you frequently posting crap.

Re:

[gweihir]

Well, should I be surprised you have, once again, absolutely no insight? Naa, I will just say this is as expected.

Re:

[mjwx]

I guess they though they could do IT security on the cheap, after all it is a pure const center and never a profit-center. Or so. Or rather the opposite. Morons.

And with major publisher's new found love for always online games and DRM with activation limits you can expect more of this.. along with the decisions to shut down a game's servers because it's not selling enough any more (people have stopped buying gamble boxes and skins) which makes even the single player parts unplayable. Welcome to the future of gaming, if the publishers aren't shutting it down, the hackers will be.

Re:

[gweihir]

Indeed. If a game needs an internet connection and there is no strong reason for it, the only sane thing is to stay away.

Over 17,097 employees

[Calydor]

So ... 17,098?

New Ubisoft game in 2026:

[greytree]

Rainbow Six: System Operations - Stricter Password Enforcement

To be followed in 2027 by Rainbow Six: Code Review - More Careful Malloc Bounds Checking

Re:

[mjwx]

Rainbow Six: System Operations - Stricter Password Enforcement

To be followed in 2027 by Rainbow Six: Code Review - More Careful Malloc Bounds Checking

My first thought when reading the headline was that Breach Forces is the name of a game eating Ubisoft's lunch. So much so they'd shut down the servers.

Apparently due to leaving MongoDB exposed

[Athanasius]

That and the recent (the patch was released Xmas day, which alerted blackhats to it) exploit for MongoDB.

Source, a security researched on Mastodon who did some work on reporting the situation to Ubisoft: https://cyberplace.social/@Gos... [cyberplace.social] https://cyberplace.social/@Gos... [cyberplace.social]