Ubisoft’s New York-based strategy shooter is the company’s most successful ever release – but players say the experience is being ruined by cheats

In financial terms, Tom Clancy’s The Division is a hugely successful video game. Released in March by French publisher Ubisoft, this New York-set third-person shooter quickly became the best selling new franchise of all time, generating more than $330m in sales in its first five days. But, just over a month after release, the best selling game in Ubisoft’s 30-year history looks to be heading for catastrophe.

The Division has a cheating problem. Not just one, either, but a critical mass of glitches, exploits, and hacks that – in the eyes of the playerbase at least – threaten the game’s immediate and long-term future on the PC. Players stack items for unintended bonuses, farm missions in seconds, and – worst of all – using third-party hacks to cheat in player vs player (PvP) competition.

Glenn Young bought The Division and the “season pass” (a pre-purchase of future downloadable content) for £70. “About three weeks ago, the glitches and exploits started to become much more noticeable,” he says. “In particular there was a non-player character (NPC) called Bullet King just outside one of the safehouses [a place players can respawn]. People figured out that if they killed him and not his lackeys, they could loot him, then die and respawn and repeatedly do it again.”

This sort of activity is called an exploit, because it involves players exploiting a fault in the game to their advantage. It’s a common phenomenon in online multiplayer games, especially on PC where its easier to access and alter game code, but if left unchecked by the developer, it can lead to an unbalanced experience – especially for participants who don’t know how to use the fault in question.

The Division is a loot-based game – the aim is to kill computer-controlled enemies and take their equipment, known as “loot”, which is randomised so you never know what you’re going to get. The goal for many players is to acquire the best gear possible over time, but the chances of ever getting the exact set of equipment you want are low. This means players spend many hours killing enemies, checking them and moving on to the next targets. As young puts it, “lots of players see [exploits] as a way to get around that frustration”. It lets players game a system, even if only briefly, that usually games them.

Facebook Twitter Pinterest The Division is a loot-based game – the aim is to kill computer-controlled enemies and take their equipment Photograph: Ubisoft

Bullet King was one of many NPCs that could be farmed in this way (he was just the quickest) and a relatively straightforward exploit to identify and fix. But players found and keep finding ways to take advantage of errors in The Division’s world – often with great ingenuity.

“You could do a trick by completing a mission a single time,” explains Young, “which would end with blowing a hole in the wall. Then you start it again but with a runner who gets in the location to re-spawn the boss and aggro [attract] him, after which he fast-travels [an in-game warp] back to the players who have waited outside. Then everyone blows the boss away with sniper rifles through this still-existing hole the boss can’t see through. 24 seconds or something. The runner glitches back in and dies, which de-spawns the NPCs; then he respawns within the instance to rinse and repeat. Every so often the other guys go back in and hoover up the loot.”

Cheating like this, which is to say, taking advantage of mistakes in the game’s own code to acquire stacks of loot, might not be a big deal in a single-player game, or even an online player v environment (PvE) game. For The Division it’s a big problem because the design blends PvE and Player vs Player (PvP): gear you acquire through one can be used in the other. The players taking advantage of these exploits are doing it for personal gain, which is understandable, but in doing so they imbalance the “loot economy” wildly in their favour. Ubisoft has cleared up some exploits with post-release patches, yet they continue to proliferate.

This is only one side of the problem, and the other is much worse. The Division’s has a PvP area known as the Dark Zone, where players compete directly with each other to grab the best loot, loot unavailable anywhere else in the game. Unfortunately, the Dark Zone is now rife with cheats knowns as “hackers”, a term for players who have developed – or more usually, paid third-parties for – cheating software that lets them do things they shouldn’t be able to – like fly, see through walls, and kill other players instantaneously. Regardless of whether they wrote the hack or not, however, the effect is the same.

Every big online game has to deal with hackers to some extent, but The Division has an endemic problem. Hacking topics are constant within The Division’s player community, and though its true that forums, subreddits and social media are largely driven by complaints (contented players don’t have the same drive to share their positive experiences) hard evidence is everywhere.

There are countless videos of players being killed through walls by unseen enemies:

There is clear footage of teleporters moving instantaneously around the map:

CMDR MiiC (@CMDRMiiC) Nice job... @TheDivisionGame, recorded 20 minutes ago. tired of sending reports for nothing, a good game gone shit. pic.twitter.com/EM7J3RuPIu

You don’t get plainer than “DZ hacker video proof for UBI”

There are dozens if not hundreds of other examples. Increasingly, these videos are shared and titled in a way that indicates the community’s sense that Ubisoft isn’t listening to complaints or viewing its evidence.

High-level Division players, who stream footage of themselves playing the game via services like Twitch, are still regularly seeing hackers, even after the latest patch. Streamer Jgcreative, one of the world’s top 25 players, told viewers this week that he is witnessing, “tonnes, every day”; another popular streamer, Mveiag, replied, “You should have been here earlier, some of these motherfuckers are at infinite health, man.”

Last Sunday evening, the most popular Division streamer was Sxyhxy with just over 3,000 live viewers. During his stream he discussed cheats, glitches and hackers with his audience – expressing considerable frustration. As Sxyhxy listed known exploits, the atmosphere was a little like a phone-in, with viewers suggesting new glitches to try, and the host obliging.

What happened either side of this was even more incredible. Sxyhxy went to PvP in the Dark Zone and soon bumped into a hacker named BorrBurison, who he began a conversation with. Sxyhxy asked if he’d ever been punished. “Ubisoft isn’t really working hard enough on that,” was the reply. “There are a lot more hackers out here than you actually think.” BorrBurison claimed to be hacking in order to target and expose cheats and to protect legit players. Then he warped away.

However, later in the evening, Sxyhxy was taken down by a mob of three other players. Almost instantaneously, the aggressors are nailed by what looks like a laser beam. It’s clearly an illegitimate weapon used by a hacker. Sxyhxy respawns and finds the player responsible: it’s BorrBurison. They chat about what just happened, and Sxyhxy points out those players weren’t hackers. BorrBurison says he thought they were. The players laugh and go their separate ways. Some players are critical of streamers like Sxyhxy for acknowledging and showing these problems, but this is simply the reality of The Division.

Widespread cheating is ruinous for any competitive game, not least because of how it changes the atmosphere. Did that player beat me fairly, or was their clutch shot thanks to an aimbot? The Division’s PvP mechanic is built around loot, and so hackers killing legit players has even more of a sting than death. When someone can kill you instantaneously, loot the gear you’ve spent 45 minutes earning, then warp away from any consequences, that system is broken.

“You get people just teleporting down from the tops of buildings in front of your face,” says Glenn Young. “They’ll sit up there watching the street, and because data about how much your character is firing is held client-side they manipulate that data. They teleport down when they see you, pump a couple of thousand shots into you in a fraction of a second – you obviously go down, they pick up your gear and then teleport away again. Or fly.”

The Division’s networking model has been blamed for this state of affairs, with some saying the game is doomed to hackers indefinitely because, in highly simplified terms, certain client data (from your PC) is trusted by the server (where everyone’s data is being combined.) This client data apparently includes rate of fire, position, health, and many other variables, which is why hackers are able to manipulate them. Most games process this data on the server-side, where it is much less susceptible to hacking.

I asked Glenn Fiedler, a game networking expert with 15 years experience who most recently worked on Titanfall, whether there’s anything to this. He explained that the key to the most widely used networking model for FPS games (the competitive gold standard) is that “the server is the REAL GAME and doesn’t trust what the client says they’re doing”. He reiterates the mantra of online game development: “Never trust the client”.

Facebook Twitter Pinterest Did that player beat me fairly? Photograph: Ubisoft

“If a competitive FPS was networked the other way, with client trusted positions, client-side evaluation of bullet hits and ‘I shot you’ events sent from client to server, it’s really difficult for me to see how that could ever be made completely secure,” says Fielder. “That’s not to say it’s not possible, but I think it’s a really difficult problem, and it’s certainly not how the top-tier competitive FPS games out there do it.”

Since talking to the Guardian, Fielder has gone on to investigate further and, after certain evidence, adds this: “The Division is most likely using a trusted client network model. I sincerely hope this is not the case, because if it is true, my opinion of can this be fixed is basically no.”

The response from Ubisoft

Even if The Division can clean up the glitches and clear out the hackers, Ubisoft’s response has been wanting. There has been a general lack of communication with the playerbase, as well as apparent errors of judgement like a community manager playing with glitchers on the game’s official stream.

The Guardian asked Ubisoft for comment on the issues raised in this article and the company agreed, but none was ready in time for the launch of this story. We were told that a community update was on the way.

Several of Ubisoft’s biggest titles in recent years – most notably Assassin’s Creed Unity – have shipped with technical problems of various kinds. This is not unusual with new releases that feature complex online multiplayer components, but these are entertainment products that cost £40-50 or more. The Division with season pass costs about £70.

When a game has problems like The Division, there is little recourse for purchasers – even if the experience leaves much to be desired. Changes to UK consumer laws last October allowed players to demand refunds on faulty digital goods, but only within 30 days of purchase – the problem with hacks and exploits is, they often emerge after that period. If Ubisoft won’t offer refunds, and there’s no consumer law forcing them to do so, then that’s that. Given the widespread popularity of the season pass model in the games industry – where future content is sold in advance – this does not seem a sustainable state of affairs.

“I think the games industry is a bit under-represented in terms of consumer protection,” says Glenn Young. “There’s still this sense we’re a bunch of teenagers that won’t say or do anything about their situation. I’m 47, I work as a volunteer manager for a charity, and I’ve been playing since Pong came out. It’s just very frustrating that they seem to be able to take money and then fob us off like they do. What was this, their biggest selling new game ever? I don’t think it would do them any harm to reflect on what’s happened to it since.”

At the time of writing, the online gathering points for Division players are still filled with posts about hackers, pleas for fixes, and declarations that this game is over. There’s often a sense of melodrama within gaming communities, but this is more serious, and many players who have invested in The Division have no sense things will get better. “I feel deeply disappointed, frustrated and let down,” says Young. “I’ve no optimism for the game’s future.”

Ubisoft hopes to build The Division into a long-term franchise, and is rightly proud of the strong start it has made. There’s a paradox here. This medium is built around the player, and the industry is built on the player’s wallet. Games like The Division are built for our entertainment, to make us feel powerful and important. But back in the real world, if problems happen, it can seem players have no voice at all.

Update: Ubisoft has released a statement on the exploits and hacking situation in The Division:

“With Update 1.1 now behind us, and Update 1.2 in the works, we also want to briefly mention our ongoing work related to bug exploits.

“We are currently adjusting our processes and policies in order to better track and deter exploiters, in line with industry standards and out of fairness and respect for the larger The Division community. Expect more details on this in the next days.”

