These changes are occurring in a server backend database. They’re not client side cheats.
The people receiving the credits aren’t even the ones initiating the changes.
Also many anti-cheat packages do have Linux versions. The primary reason you’re not getting ports for Linux is because companies don’t want to do the port and support all versions of Linux clients they would encounter in the very tiny number of additional installs.
Games using Easy AntiCheat can opt in to Linux support. Arc Raiders runs on Linux (but not in VMs) whereas Fortnite does not, because Epic has chosen not to support Linux. Ironic given Tim Sweeney's supposed anti-monopoly stance.
Sweeney isn’t anti-monopoly, he’s pro-Sweeney. He sees an opportunity to let others do the work and investment to build platforms, then selectively swoop in to compete once the risk and investment pay off.
It’s not a bad business model if he can get the courts on his side: let others spend billions and take risks, then cherry pick the successful platforms and compete with their distribution using a cost basis that doesn’t have those up-front costs and risks.
> Ironic given Tim Sweeney's supposed anti-monopoly stance.
This doesn't really make sense. If you are implying he is FOR monopoly, he would want the game on every possible platform right? He loses money by not having more players playing his game.
"kernel anti-cheat" is actually a re-branding of "anti-(non steamdeck)-linux" software, probably to please msft (since sole beneficiary). We all know they are inefficient and weaponized by hackers.
You know on linux there is a feature for a process to snoop into another process, that for the same user (non root), can be use for anti-tampering: with a proper "security" team, as all live-service games should have, you can give hell to hackers without a kernel module...
> We all know they are inefficient and weaponized by hackers.
Name an exploit in EAC/BattlEye/Vanguard/FaceIT/whatever other big name anticheat middleware (though Vanguard and FaceIT don’t sell their services I think) that has actually been used for anything.
Genshin Impact’s driver got used as a vulnerable driver that one time, yeah.
EAC had an exploit to inject your own code into processes, but that quickly got patched (https://blog.back.engineering/10/08/2021/).
Man, even "Area 51 has aliens" is a better and more backed up conspiracy theory than this. Kernel AC isn't to please MS, nor is it to shit on Linux/Steam Deck. They don't matter. They're inexistent. They're a blip of very vocal users that keep believing that Proton is going to save them from EA making shit games.
KACs exist because they want to have higher privileges to not be injected into, closed or otherwise touched by any other process. That's also why a bunch of them have started to ask for Secure Boot, so that they can guarantee at least some chain of trust that ensures you've probably not tampered with your machine.
Your Linux example 1/ turns anti cheats into not only something that analyzes what runs on your machine, but actively tries to attack it, which is the textbook definition of malware, but also a gigantic liability should you happen to say, write into word.exe because you fucked up and thought it was a cheat. 2/ turns it into an infinite game of chasing each others with you injecting into cheats, cheats injecting into you, back and forth. In addition, you're running on an actively hostile machine with a hostile user that _wants_ to fuck over your anti cheat.
Kernel anti cheat in the client are the strongest form of protection by far, your comment makes no sense, anything userspace is easily spoofed. You can create a driver ( module ) that intercept calls and that is completely invisible to userspace processes.
The default security measures on Linux are pretty bad compared to windows, it's not even close. People like to bash windows but they have a way better security model.
Hard to have sympathy for Ubisoft the company as they are regularly used as an example of the most anti-consumer practices out there. But the whole situation is a mess, and if anything, it is probably the consumers that will end up suffering the most for this.
The line "How could I forget that I had given her an extra key?" comes to mind. Maybe someone left an API key laying around somewhere? Although I could be giving the hackers too much credit...
It's a shame this game has to pander to eSports fanatics rendering it into a completely hollowed out soulless experience. From the early days of Operation Chimera to selling half of your stake and IPs to Tencent, Ubisoft has seen it all.
> It's a shame this game has to pander to eSports fanatics rendering it into a completely hollowed out soulless experience.
There have been many victims of the eSports neuroticism. League of Legends is probably the most extreme example I can come up with. You will eventually get banned from the game if you choose the "wrong" play style. You don't even have to cheat or play poorly. Overwatch suffered a very similar fate - They removed a player slot to force it to fit the "5 man" meta. In the case of OW, the changes proved so unpopular they had to literally delete the original title from everyone's PC to force use of the only remaining option.
Not much good happens where people are treating video games like a hobby or even job. Last time I played that type of game was csgo in college, never again.
+1. Can’t believe how they held amazing IPs and then milked them to death while lowering the quality game over game. Whether it’s far cry or assassin’s creed, all the later iterations are worse than the series start.
My heart goes out to the devs forced to return to work to solve these issues. Numerous groups claiming numerous exploits - mostly MongoBleed.
One has to wonder: why didn't anyone anticipate this happening? Surely the moment this exploit was discovered the team would've locked it down immediately?
If this is a result of that vulnerability, Ubisoft only have themselves to blame. Our support contacts ensured that we knew about the vulnerability as early as possible and gave us a clear guide to remediation for our self-hosted clusters. Our Atlas clusters were automatically patched before this was announced publicly. You'd have to be running your database open to the internet (already a mistake), ignore the advice to simply turn off zlib, and ignore the fixed versions that have been available for over a week.
If you're going to be in the business of running your own critical infrastructure, you better have spent a lot of effort planning for these situations, because they are inevitable. Otherwise, it's easier to just pay a vendor to do it for you.
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
I used to work for Ubisoft, though not on Siege- I have met and had detailed conversations with their lead architect though; truthfully I remember little of those conversations.
Regarding the second group and access to source code; this is unlikely for a combination of four reasons.
1) The internal Ubisoft network is split between “player stuff” (ONBE) and developer stuff.
2) The ONBE network is deny by default, no movement is possible unless its explicitly requested ahead of time, by developers, in a formal request that must be limited in scope.
3) ONBE to “developer network” connections are almost never granted. We had one exception to this on the Division, and it was only because we could prove that getting code execution on the host that made connections would require a long chain of exploits. Of course that machine did not have complete access to all of the git repos.
4) Not a lot of stuff really uses git internally. Operations staff and web developers prefer git strongly; so they use Git. But nearly every project uses Perforce. Good look getting a flow granted from ONBE to a perforce server. That will never happen.
Siege, like The Division, worked against Ubisoft internal IT policies to make the product even possible. (IT was punishingly rigid) but some contracts were unviolatable.
The last I heard, Siege had headed to AWS and had free dominion in their tenant, but it would need Ubiservices (also in AWS) and those would route through ONBE.
I’m not sure if much changed, since a member of the board is former Microsoft and has mandated a switch to Azure from the top… But I am certain that these policies would likely be the last to go.
Nothing highlights how pointless e-sports items are more than a real dollar value for a player base of all of them. The entire global GDP is as an order of magnitude roughly $100 trillion. So this $340 trillion figure is 3.4 times planetary total economic output - meaning the theoretical value of Rainbow Six cosmetics exceeds what the entire human civilisation produces in a year. Multiple times over. You'd be valuing pixelated gun attachments higher than annual agricultural output across all nations, all manufacturing, all services, everything.
I bet it appears unchallenged at some point in a court (or insurance) document though.
While I understand what you're saying, it's pretty clear what is meant is "$X worth at the price they currently sell for". When there's a story about an object in space made of gold worth 100s of trillians of dollars, nobody believes it would really sell for that much if we captured it and mined all the gold; because the value of gold would plummet based purely on it's existence.
But I agree with you that it would be put into a court document as "it cost us this much" for the full amount, vs the amount they were likely to ever be able to sell (and can't, now that everyone got it for free, so the value is $0)
The valuation is based on them hypothetically selling the same quantities that the hackers gave away at their retail prices, which of course no one believes they would ever actually sell that much.
> Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
This read to me like the end of a soap opera. Tune in tomorrow to find out!
Can’t help but laugh a bit. Not a great day for Ubisoft. Hopefully this didn’t ruin the holidays for too many employees. That would absolutely suck to get a call in for this.
> Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
Find out in the next episode of... Tales from Cyberspace!
The attackers better hope they fully hid their tracks - this is a bold hack, and such an level of overt cybercriminality with financial damages will result in a decade in prison if caught.
> Players across PC and console are being urged by the community to stay offline, as reports continue to surface of accounts receiving billions of in game credits, rare and developer only skins, and experiencing random bans.
Regardless if this is true or not, and how it works exactly, I find it an interesting scenario.
For players: should I go online to maybe get gifted tons of ingame valuables while risking a ban? It turns playing into a gamble.
If I take on the hackers' view, I would find it exciting to dish out rewards and punishment at random on a large scale.
This is the nightmare scenario for live-service games: once the integrity of progression and bans is compromised, trust evaporates fast.
Rolling back “billions of credits” is easy compared to undoing random bans.
The people receiving the credits aren’t even the ones initiating the changes.
Also many anti-cheat packages do have Linux versions. The primary reason you’re not getting ports for Linux is because companies don’t want to do the port and support all versions of Linux clients they would encounter in the very tiny number of additional installs.
It’s not a bad business model if he can get the courts on his side: let others spend billions and take risks, then cherry pick the successful platforms and compete with their distribution using a cost basis that doesn’t have those up-front costs and risks.
Because Epic doesn’t want payhack configs to be advertised in whatever leaderboards Fortnite has, like CS2 had for a while.
This doesn't really make sense. If you are implying he is FOR monopoly, he would want the game on every possible platform right? He loses money by not having more players playing his game.
You know on linux there is a feature for a process to snoop into another process, that for the same user (non root), can be use for anti-tampering: with a proper "security" team, as all live-service games should have, you can give hell to hackers without a kernel module...
Name an exploit in EAC/BattlEye/Vanguard/FaceIT/whatever other big name anticheat middleware (though Vanguard and FaceIT don’t sell their services I think) that has actually been used for anything.
Genshin Impact’s driver got used as a vulnerable driver that one time, yeah. EAC had an exploit to inject your own code into processes, but that quickly got patched (https://blog.back.engineering/10/08/2021/).
KACs exist because they want to have higher privileges to not be injected into, closed or otherwise touched by any other process. That's also why a bunch of them have started to ask for Secure Boot, so that they can guarantee at least some chain of trust that ensures you've probably not tampered with your machine.
Your Linux example 1/ turns anti cheats into not only something that analyzes what runs on your machine, but actively tries to attack it, which is the textbook definition of malware, but also a gigantic liability should you happen to say, write into word.exe because you fucked up and thought it was a cheat. 2/ turns it into an infinite game of chasing each others with you injecting into cheats, cheats injecting into you, back and forth. In addition, you're running on an actively hostile machine with a hostile user that _wants_ to fuck over your anti cheat.
Please do some proper research on the subject.
The default security measures on Linux are pretty bad compared to windows, it's not even close. People like to bash windows but they have a way better security model.
https://github.com/joe-desimone/mongobleed
https://beta.shodan.io/host/212.104.194.153
Deleted Comment
https://x.com/KingGeorge/status/2004902566434668686
>@KingGeorge
>Seems like R6 is completely fucked. It’s unreal how bad.
>Hackers have done the following.
>1. Banned + unbanned thousands of people.
>2. Taken over the ban feed can put anything.
>3. Gave everyone 2 billion credits + renown.
>4. Gave everyone every skin including dev skins.
>5:09 AM · Dec 27, 2025
Dead Comment
Deleted Comment
There have been many victims of the eSports neuroticism. League of Legends is probably the most extreme example I can come up with. You will eventually get banned from the game if you choose the "wrong" play style. You don't even have to cheat or play poorly. Overwatch suffered a very similar fate - They removed a player slot to force it to fit the "5 man" meta. In the case of OW, the changes proved so unpopular they had to literally delete the original title from everyone's PC to force use of the only remaining option.
It was doomed.
One has to wonder: why didn't anyone anticipate this happening? Surely the moment this exploit was discovered the team would've locked it down immediately?
If you're going to be in the business of running your own critical infrastructure, you better have spent a lot of effort planning for these situations, because they are inevitable. Otherwise, it's easier to just pay a vendor to do it for you.
Here's the word on the internet streets:
- THE FIRST GROUP of individuals exploited a Rainbow 6 Siege service allowing them ban players, modify inventory, etc. These individuals did not touch user data (unsure if they even could). They gifted roughly $339,960,000,000,000 worth of in-game currency to players. Ubisoft will perform a roll back to undo the damages. They're probably annoyed. I cannot go into full details at this time how it was achieved.
- A SECOND GROUP of individuals, unrelated to the FIRST GROUP of individuals, exploited a MongoDB instance from Ubisoft, using MongoBleed, which allowed them (in some capacity) to pivot to an internal Git repository. They exfiltrated a large portion of Ubisoft's internal source code. They assert it is data from the 90's - present, including software development kits, multiplayer services, etc. I have medium to high confidence this true. I've confirmed this with multiple parties.
- A THIRD GROUP of individuals claim to have compromised Ubisoft and exfiltrated user data by exploiting MongoDB via MongoBleed. This group is trying to extort Ubisoft. They have a name for their extortion group and are active on Telegram. However, I have been unable to determine the validity of their claims.
- A FOURTH GROUP of individuals assert the SECOND group of individuals are LYING and state the SECOND GROUP has had access to the Ubisoft internal source code for awhile. However, they state the SECOND GROUP is trying to hide behind the FIRST GROUP to masquerade as them and give them a reason to leak the source code in totality. The FIRST GROUP and FOURTH GROUP is frustrated by this
Will the SECOND GROUP leak the source code? Is the SECOND GROUP telling the truth? Did the SECOND GROUP lie and have access to Ubisoft code this whole time? Was it MongoBleed? Will the FIRST GROUP get pinned for this? Who is this mysterious THIRD GROUP? Is this group related to any of the other groups?
Regarding the second group and access to source code; this is unlikely for a combination of four reasons.
1) The internal Ubisoft network is split between “player stuff” (ONBE) and developer stuff.
2) The ONBE network is deny by default, no movement is possible unless its explicitly requested ahead of time, by developers, in a formal request that must be limited in scope.
3) ONBE to “developer network” connections are almost never granted. We had one exception to this on the Division, and it was only because we could prove that getting code execution on the host that made connections would require a long chain of exploits. Of course that machine did not have complete access to all of the git repos.
4) Not a lot of stuff really uses git internally. Operations staff and web developers prefer git strongly; so they use Git. But nearly every project uses Perforce. Good look getting a flow granted from ONBE to a perforce server. That will never happen.
Siege, like The Division, worked against Ubisoft internal IT policies to make the product even possible. (IT was punishingly rigid) but some contracts were unviolatable.
The last I heard, Siege had headed to AWS and had free dominion in their tenant, but it would need Ubiservices (also in AWS) and those would route through ONBE.
I’m not sure if much changed, since a member of the board is former Microsoft and has mandated a switch to Azure from the top… But I am certain that these policies would likely be the last to go.
I bet it appears unchallenged at some point in a court (or insurance) document though.
But I agree with you that it would be put into a court document as "it cost us this much" for the full amount, vs the amount they were likely to ever be able to sell (and can't, now that everyone got it for free, so the value is $0)
The source leak is really interesting, though. We don't often get to see game source, and it often has surprises in.
This read to me like the end of a soap opera. Tune in tomorrow to find out!
Find out in the next episode of... Tales from Cyberspace!
Regardless if this is true or not, and how it works exactly, I find it an interesting scenario.
For players: should I go online to maybe get gifted tons of ingame valuables while risking a ban? It turns playing into a gamble.
If I take on the hackers' view, I would find it exciting to dish out rewards and punishment at random on a large scale.
How?
Dead Comment
https://github.com/joe-desimone/mongobleed
https://beta.shodan.io/host/212.104.194.153