Epic Games forums hacked again, thousands of user details exposed
The hackers are at it once again! The Epic Games forums have been breached again wherein information relating to more than 800,000 user accounts has been stolen by hackers from online forums run by Epic Games, with more than half a million from Unreal Engine and Unreal Tournament’s forums.
Epic Games—the company behind Unreal Tournament and game development tool Unreal Engine—confirmed the hack in a statement on its website. The attack was carried out on August 11, according to breach notification site LeakedSource which obtained a copy of the database.
According to ZDNet, the hackers allegedly exploited a known SQL injection vulnerability residing in an outdated version of the vBulletin forum software, which allows them to get access to the full database. The unknown hacker has stolen data from hundreds of thousands of forum accounts including usernames, scrambled passwords, email addresses, IP addresses, birth dates, private messages and posts, user activity data. It also added that Facebook access tokens for users who signed in with their social account were also stolen. Recent hacks involving Ubuntu, Dota 2, and Canadian media company VerticalScope, which exposed 45 million user accounts, also involved unpatched, older versions of vBulletin.
A statement about the data breach was published on the Unreal Engine forum website:
“We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset.
“Also, we believe a compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password.
“We don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx.
“We apologize for the inconvenience this causes everyone and we’ll provide updates as we learn more.”
This is not the first time that Epic Games has suffered a data breach. Last year, the gaming company was the victim of the hackers that stole thousands of accounts’ data.