Recent Cyber Attacks on Rainbow Six Siege

One week after Ubisoft mitigated a significant security breach on Rainbow Six Siege, a second large-scale cybersecurity attack occurred. Users began reporting unusual 67-day bans just days after the game’s servers had been brought back online, suggesting another series of hacks.

Second Hack on January 4, 2026

The second round of major hacks began on January 4, 2026, just over a week after the first breach around December 26 and 27, 2025. Players, including popular streamers like Varsity Gaming and Jessica “JessGOAT” Bolden, were hit with unauthorised 67-day bans for alleged “harassment”. These bans appeared to reference the “six seven” (or “67”) meme, with some users receiving notifications claiming “67676767 of your reports led to sanctions.”
Players on PC, PlayStation, and Xbox reported sudden 67-day suspensions, and there were also widespread service disruptions, including degraded connectivity, authentication failures, matchmaking outages, and issues with the in-game store, as listed on Ubisoft’s status page. Despite these widespread issues, Ubisoft has yet to issue an official statement on the incident. Many players are still waiting for the bans to be reversed or for clarifications to be made about the situation. Social media platforms, Reddit, and other networking sites like X (formerly Twitter), have been flooded with complaints, screenshots of affected accounts, and speculations about unpatched vulnerabilities or issues related to outsourced support.

Context: First Hack in December 2025

The first cybersecurity attack in this sequence happened between December 26 and 27, 2025. The hackers infiltrated the backend of Rainbow Six Siege, injecting billions of R6 Credits and Renown (trillions in virtual value), as well as bestowing ultra-rare skins like Glaciers and Alpha Packs, often accompanied by random bans and unbans. In response to the hack, Ubisoft took the game’s servers offline, froze the marketplace, and reversed the transactions. After verifying the security, services were restored by December 29. Although no player personal data was compromised during the attack, rumours started to circulate about a broader breach including source code, SDKs, and old Ubisoft tools via the “MongoBleed” MongoDB vulnerability, possibly with the help of an insider. However, these rumours were refuted by experts and Ubisoft, as they lacked verifiable evidence.

Impact of the Hacks and User Reactions

The back-to-back cybersecurity attacks led to heightened frustrations among the game’s millions of users and influenced the active esports scene. Players voiced their concerns calling for the removal of accounts, potential lawsuits, and criticism of Ubisoft’s security measures. Past incidents of compromised Ubisoft’s security, such as a 2023 tools leak, further increased scrutiny, particularly as rival games like Valorant gain popularity. Details regarding the resolution of the situation are yet to be shared, with the gaming community expecting updates soon either from Ubisoft or sites like SiegeGG.