Epic Games Forums Hacked, User Details Exposed

Information relating to over 800,000 user accounts has been stolen in a hack on games developer Epic Games and its forums.

Epic Games—the company behind Unreal Tournament and game development tool Unreal Engine—confirmed the hack in a statement on its website.

“We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext,” the statement said.

“While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere,” Epic Games added. “These forums remain online and no passwords need to be reset.”

However, the hacker also accessed legacy forums, including “Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums.” This hack exposed email addresses, salted hashed passwords and other data entered into the forums. Epic recommends that anyone who may have used these sites since July 2015 change their password on any other site where the password was reused.

According to ZDNet, the hacker used a known SQL injection vulnerability in an older version of the vBulletin forum software. Recent hacks involving Ubuntu, Dota 2, and Canadian media company VerticalScope, which exposed 45 million user accounts, also involved unpatched, older versions of vBulletin.

The Epic Games hack exposed 808,000 user accounts, and included usernames, email addresses, IP addresses, post history, private messages and Facebook access tokens from any linked social accounts, ZDNet said.

The company also said on its Twitter page that its forums had been “placed into maintenance mode” while the compromise was investigated. “We apologize for the inconvenience this causes everyone and we’ll provide updates as we learn more,” the statement concluded.
