Hundreds of players discovered themselves locked out of their accounts this week after a serious safety flaw pressured Ubisoft to tug the plug on its hit recreation, Rainbow Six Siege. For individuals who don’t observe the gaming world, Siege is an enormous tactical shooter recreation the place groups work collectively to storm or defend buildings. It’s a flagship title for Ubisoft, however over the vacation weekend, it grew to become essentially the most seen sufferer of a newly found vulnerability in MongoDB software program, dubbed MongoBleed.
What is occurring?
To place it merely, MongoDB is a well-liked database software program utilized by 1000’s of firms to retailer every little thing from buyer addresses to recreation progress. The issue, formally tracked as CVE-2025-14847, entails a software known as zlib that MongoDB makes use of to “shrink” information for quicker journey.
A mistake within the code permits an outsider to ship a corrupted message that methods the server into “bleeding” out fragments of its personal inside reminiscence. As a result of this occurs earlier than the system even asks for a password, it permits unauthenticated hackers to sneak out delicate info from wherever on the planet. This leaked reminiscence can expose:
- Clear-text passwords and login keys.
- Private buyer info (PII).
- Safety tokens that enable hackers to impersonate actual customers.
The Chaos at Ubisoft
You may surprise how a database vulnerability can shut down a online game. Ubisoft makes use of MongoDB to retailer participant information, like your rank or the gadgets you’ve unlocked. Based on the web malware repository, VX-Underground, totally different hacker teams have up to now used the MongoBleed vulnerability to realize a backdoor into the sport’s inside techniques.
As soon as inside, the hackers went on a spree; they hijacked the ban ticker to point out pretend messages and unban their mates, unlocked each single beauty outfit and merchandise for themselves, and gifted a staggering 2 billion R6 Credit (in-game forex) to gamers.
Ubisoft was pressured to take your complete recreation and its Market offline to cease the bleeding. Whereas they gained’t punish gamers who spent the “free” cash, they’re presently working to roll again all transactions that occurred through the breach.
Energetic Assaults within the Wild
Whereas the flaw was first disclosed on December 19, 2025, the scenario turned crucial on December 26 when researcher Joe Desimone printed the assault blueprint (public exploit code) on GitHub. Because the launch, consultants at Wiz and Censys have famous an enormous spike in assaults. They estimate that 42% of cloud setups are in danger, with over 87,000 databases presently sitting uncovered on the web.
How one can Keep Protected
Whereas older variations (like 3.6 or 4.2) haven’t any official repair, newer variations have been patched. To remain secure, it’s essential to replace to variations 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30.
If you happen to can’t replace instantly, consultants recommend turning off the zlib compression setting in your database as a brief defend to dam attackers.
Ben Ronallo, Principal Cybersecurity Engineer at Black Duck, a Burlington, Massachusetts-based supplier of utility safety options, additionally commented on the difficulty, stating, “The risk actors have been intelligent; they attacked through the holidays when many firms are typically much less responsive resulting from workers taking time without work. Ubisoft seems to be the very best profile sufferer at this level.“
Ronallo additionally shared steps for safety groups to workaround the difficulty, together with:
- Verify you probably have any internet-facing techniques with a susceptible model of a MongoDB occasion hooked up.
- If you happen to discover any such techniques, instantly kick off your incident response efforts to establish any potential compromise and include the harm.
- There’s this open-source software that may be leveraged to investigate MongoDB logs for indicators of compromise.
- Any susceptible variations ought to be patched instantly utilizing official fixes from MongoDB.
