R6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, was hit by hackers over the weekend who wiped its databases and held the data for ransom. In a Medium post on Sunday (1 October), the company said an automated bot managed to access their databases on Saturday since it still had remote connections enabled for the database server from its development phase.
"Due to the hectical and unplanned September-migration we didn't have everything locked down yet, which led to this situation," the team said. "They left a nice ransom message, but we have no reason to believe that they kept any data. On top of that our backups are useless, since they didn't work on the Postgres codebase yet."
R6DB said they are currently working to restore as much of the data as possible. However, it warned that some data including player statistics and profiles could be permanently lost. The company noted that it does not store players' personal data.
"We don't store any personal data, so you don't have to be concerned about any privacy issues. We basically lost all our historical data though," the team wrote. "Some profiles are gone. We can re-index them when searched for, but that's a step we can't do ourselves.
"Progressions (aka historical data, aka charts) are f**ked. They'll fill up again over time, but the past is gone. PC only aliases are half-f**ked. We still have some older data, but about a months worth of aliases is lost."
The team said they are currently working on getting a new server up and running. However, it is still unclear if hackers only accessed the databases or the firm's entire server. As a precaution, they decided to wipe and reinstall the entire system.
The company is still working to restore player data and estimates the process will be completed by Monday. As of Sunday afternoon, the team said, "PC restore is done, PS4 at 25%".
At the time of writing, the website is online and features an update message: "Most data is recovered. Updates are still running."
The attack came just days after R6DB celebrates its one year anniversary on 28 September. The company said it recently crossed the 1 million active user mark and had over 1.18 million total accounts as of 27 September.