Ubisoft’s internal services were hacked recently in an attempt to steal 900GB of data, including Rainbow Six Siege user data, as reported by VX-Underground. Ubisoft discovered the breach 48 hours later and revoked the hackers’ access, preventing the data from being stolen successfully.
In their statement to BleepingComputer, Ubisoft said, “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time.” Screenshots shared by the attacker and posted by VX-Underground show that the hackers were able to access Microsoft Teams conversations, the Ubisoft SharePoint server, Confluence, and MongoDB Atlas. “The Threat Actor would not share how they got initial access,” VX-Underground wrote in a post on X. “Upon entry they audited the users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint.”
VX-Underground also reported that the attempt to obtain Rainbow Six Siege user data was unsuccessful. It remains unclear whether any sensitive information was accessed before Ubisoft shut down the breach.