Opalsec Dec 27
Kevin Beaumont

Ubisoft may want to take this MongoDB box offline ASAP or disable zlib, they appear to have people inside i3D.

https://beta.shodan.io/host/212.104.194.153

Dec 27 at 8:52pmWeb
Show threadKevin BeaumontDec 28
I've flung this at a bunch of Ubisoft people on LinkedIn.
Show threadKevin BeaumontDec 28
Ubisoft's Rainbow Six Siege servers, hosted at i3D, have been offline for a day due to a security incident.
Show threadKevin BeaumontDec 28
Thanks to those who helped out on the Ubisoft thing, their MongoDB instance is now shut down.
Show threadKevin BeaumontDec 28

Ubisoft say Rainbow Six Siege will be offline indefinitely, they are working to fix it.

https://xcancel.com/Rainbow6Game/status/2005329908105359712

Rainbow Six Siege X (@Rainbow6Game)

A rollback is currently ongoing and afterwards, extensive quality control tests will be executed to ensure the integrity of accounts and effectiveness of changes. The team is focused on getting players back into the game as quickly as possible. Please know that this matter is being handled with extreme care and therefore, timing cannot be guaranteed. We will provide another update as soon as we know more. Thank you all for your patience and understanding as we continue to tackle this.

Nitter
Show threadKevin BeaumontDec 29

Rainbox Six Siege is back online, if that's yer thing.

Whoever did that hack is a bit of a dickhead, will have ruined a load of Ubisoft staff members Christmas.

Show threadKevin BeaumontDec 29

Slightly amused Ubisoft have managed to avoid headlines for this by just.. not saying cybersecurity incident. 😅

https://www.bbc.co.uk/news/articles/c2ep8ykky0ro

Rainbow 6 Siege: Game back online as Ubisoft works to fix issues

Publisher Ubisoft works to claw back billions of in-game currency handed out to players.

BBC News
Show threadCaliDec 29
@GossiTheDog a “hack”, NOT a cyberattack.. 🙄
Show threadCaliDec 29
@GossiTheDog It’s only a cyberattack if it’s from the Threat Actor region of the internet — otherwise it’s just a sparkling incident
Show threadjust_one_bearDec 29
@GossiTheDog "Meh. It's just some game thing..." (the press, probably)
Show threadJaypee (Admin)Dec 29
@GossiTheDog
Agreed. Blackhats are basically d*cks under most circumstances. But this is even lower than usual.
Show threadfuzzyfuzzyfungusDec 28

@GossiTheDog Dammit Ubisoft; this would have been a perfect place for a Call of Duty: DevOps joke; but that's Activision IP.

Thanks for nothing, Guillemot.

Show threadDante Vortex 💾Dec 28
@GossiTheDog My free Sunday plans be like: (╯°□°)╯︵ ┻━┻
Show threadSimon ZerafaDec 28

@GossiTheDog

Seems like @vxunderground (and @[email protected]) has more on the Ubisoft situation.

If half of these report are accurate then they won't be having a relaxing Christmas break 😕

Show threadTanawtsDec 28
@GossiTheDog :(
Show threadJernej Simončič �Dec 27

RE: https://infosec.exchange/@jernej__s/115793506457095282

@GossiTheDog Too late:

Show threadrtificialDec 28
@GossiTheDog that ship done sailed. Aye aye captain!
Show threadTanawtsDec 28
@GossiTheDog :(
Show threadSnoopDec 28
@GossiTheDog how can you tell it is compromised?
Show threadGerald BenischkeDec 28
@GossiTheDog coincidence? https://www.dexerto.com/rainbow-six/rainbow-six-siege-hacked-as-attackers-give-players-billions-of-in-game-currency-ubisoft-responds-3298216/
Rainbow Six Siege hacked as attackers give players billions of in-game currency – Ubisoft responds

Rainbow Six Siege players are reporting a major ongoing exploit that has resulted in mass account bans and billions of R6 Credits being added to accounts unexpectedly.

Dexerto
Show threadianDec 29
@GossiTheDog Wired Tiger is my drag name