Epic Games’ forums have suffered a data breach — It’s just another day and just another breach.
Gaming giant Epic Games, Inc has suffered a massive data breach in which login credentials of 800,000 plus registered users (gamers) from Unreal Engine and Unreal Tournament forum have been stolen.
The security breach took place on 11th August 2016 in which a hacker bypassed the security of Epic Games forums using an SQL security flaw currently present in old and outdated vBulletin allowing him complete access to the database.
The stolen data includes usernames, email address with encrypted passwords, data of birth, IP addresses, Facebook access tokens, comments and activity history on both forums.
In a public statement, Epic Games acknowledged the breach yet stated that there is no need of resetting the passwords as they are encrypted with proper security measures in simple words ”a tough nut to crack” unlike the recent breach exposing millions of Dota2 accounts with extremely weak password hashes.
“We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset.”
At the time of publishing this article, the targeted forum was down for maintenance:
If you own a gaming forum based on vBulletin software update it to the latest right now, remember last month, Clash of kings forum was also hacked (1.6 million accounts were stolen) due to the same security flaw in their vBulletin forum. Back in 2015, hackers claimed responsibility for breaching Electronic Arts (EA) Origin accounts based on vBulletin software.
As of now, the hacker has delivered stolen Epic Games data to breach notification site LeakedSource.com however, there hasn’t been any blog post from them at this moment. HackRead will update the article upon receiving analysis from LeakedSource.