This time hackers targeted the R6DB service that provides statistics for Rainbow Six Siege players.
The hackers breached the service on September 30 and wiped the database, a PostgreSQL installation, asking the payment of a ransom.
The service went down over the weekend, in a statement released on Sunday, R6DB confirmed the attack and said that an automated bot accessed their server, wiped the archive, and left a ransom note.
In response to the incident, R6DB wipes the targeted server and completely reinstalled it. The company is currently working to restore as much of the wiped information as possible, unfortunately, some data should be definitively lost.
new server is now useable!
some secondary data (past ranks, etc) might be missing for now.
updates are still running
— R6DB (@Rainbow6_DB) October 1, 2017
Such kind of attack is not new, in the recent months, security experts reported waves of incursions in databases left open on the Internet.
In December 2016, one bad actor started compromising vulnerable MongoDB databases. Contents were downloaded and replaced by a ransom note demanding payment in exchange for a return of the missing data. By January, many hacking groups were involved and over 20,000 vulnerable MongoDB installations were compromised. With that many groups in competition, databases were compromised multiple times and ransom notes from one group were replaced by ransom notes from another group.
After this flurry of activity in the first few months of 2016, the number of MongoDB attacks quieted over the Summer. Attacks against MongoDB databases picked up again in September — at a much faster pace. “[it] took attackers from the first wave of MongoDB attacks nearly a month to rack up 45,000 ransomed DBs. The Cru3lty group managed [22,000] only last week.”
Back to the R6DB case, the database of the company was left open by the internal personnel after an unplanned migration, a company spokesman excluded that hackers kept any data.
“Due to the hectical and unplanned September migration, we didn’t have everything locked down yet, which led to this situation,” an R6DB spokesperson said. “They left a nice ransom message, but we have no reason to believe that they kept any data. On top of that our backups are useless, since they didn’t work on the Postgres codebase yet.”
R6DB said that no personal data on Rainbow Six Siege players was exposed because it doesn’t maintain such kind of info.
Gamers used R6DB to maintain statistics about their activities across time, this information was affected by the security breach.
“We basically lost all our historical data,” said R6DB. “Some profiles are gone. We can re-index them when searched for, but that’s a step we can’t do ourselves.”
“Progressions (aka historical data, aka charts) are [EXPLETIVE] They’ll fill up again over time, but the past is gone,” R6DB said. “[PC only] aliases are half-[REDACTED]. We still have some older data, but about a months worth of aliases is lost.”
(Security Affairs – R6DB , hacking)