Video game developer Epic Games informed its fans earlier today that several of its online forums have been hacked. The breach gave hackers access to over 808,000 forum users, with over half a million accounts from Unreal Engine's forums. Following the Epic Games hack, security researchers are advising forum members to reset their passwords.
User details exposed in the latest Epic Games hack
Online forums of the Unreal Engine and its maker Epic Games have been compromised by unknown hackers. The attackers have stolen credentials of hundreds of thousands of forum members. According to the company, the hackers managed to get access by exploiting a known vulnerability in an outdated version of the vBulletin forum software. Hackers gained full access to the forum database, and stole data from Unreal Engine and Unreal Tournament forums. The gaming giant believes that passwords are not affected since they are stored in a different database.
The stolen data includes email addresses, salted passwords, IP addresses, birth dates, join dates, full history of user posts and comments, private messages, and other data from legacy forums of Infinity Blade, UDK, Unreal Tournament titles, and archived forums of Gears of War. The company initially said the Unreal Engine and Unreal Tournament forums will remain online and that users don't need to change their passwords. However, later on some of the affected forums went offline for maintenance and the gaming giant is also advising anyone who has been active on these forums since 2015 to reset their passwords.
Unpatched security flaws - a goldmine for criminal hackers
LeakedSource, a breach notification website, obtained a copy of this database and said Epic Games hack was carried out on August 11. This is another hack of the series of attacks that focus on websites using outdated and unpatched software. Researchers said that vulnerabilities used in the Epic Games hack have been known among the hacker groups. Version 4.2.2 of vBulletin is widely known to be plagued by several security flaws.
Last year, Epic Games had suffered another breach that saw hackers stealing thousands of account details. The gaming giant released the following statement about the latest hack:
We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset.
Also, we believe a compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password.
We don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx.
We apologize for the inconvenience this causes everyone and we’ll provide updates as we learn more.