alt Hacker NewsRainbow Six Siege hacked as players get billions of credits and random bans
Comments
Hard to have sympathy for Ubisoft the company as they are regularly used as an example of the most anti-consumer practices out there. But the whole situation is a mess, and if anything, it is probably the consumers that will end up suffering the most for this.
It's not random bans, the nicknames are words from longer text. It's lyrics from Shaggy - It wasn't me.
It's a shame this game has to pander to eSports fanatics rendering it into a completely hollowed out soulless experience. From the early days of Operation Chimera to selling half of your stake and IPs to Tencent, Ubisoft has seen it all.
This is the nightmare scenario for live-service games: once the integrity of progression and bans is compromised, trust evaporates fast. Rolling back “billions of credits” is easy compared to undoing random bans.
https://x.com/vxunderground/status/2005008887234048091
Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
"That wording has been met with heavy backlash from players, many of whom believe Ubisoft is attempting to downplay the severity of the situation."
Come on it is just a game (◔_◔)
Ubislop, Ubislop never changes. Never trust a Ubislop
> Prominent Siege creator KingGeorge
So, the lead developer?
This is why security actually matters in game development.
I wonder if they could push out an update. That would be super scary.
[flagged]
A 9 year old random FPS game.
WTF happened to non-shooter games? I am so bored of these FPS variations.
Nice to see anti-cheats working and protecting Linux players from hacks, by preventing them from actually playing the game.