It seems the Unreal Engine and its creators, Epic Games' forums have recently been compromised by an unknown hacker or a group of hackers, who have stolen more than 800,000 forum accounts with over half a Million from the Unreal Engine's forums alone.
The hackers get their hands on the forum accounts by exploiting a known vulnerability resided in an outdated version of the vBulletin forum software, which allowed them to get access to the full database.
Epic believes registration information that includes usernames, scrambled passwords, email addresses, dates of birth, IP addresses, and date of joining, may have been obtained in the attack.
"We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext," announcement on the Unreal Engine forum website reads.However, ZDNet reports "their full history of posts and comments including private messages, and other user activity data from both sets of forums" have also been compromised.
Most of the stolen passwords are scrambled that can not be cracked easily, but hackers could exploit other stolen data to send phishing messages to forum members' email addresses in an effort to infect their systems with ransomware or other malicious software.
Epic Game Players at Risk
Moreover, there is bad news for players of Infinity Blade, UDK, Gears of War, and older Unreal Tournament games, as hackers may have compromised their salted hashed passwords, along with their email addresses and other data entered into the forums.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
At the time of writing, the Epic Games' forum and Unreal Engine forums both appeared to be down.
So, users are advised to change their passwords for the forum accounts as soon as possible and keep a longer and stronger one this time and change passwords for other online services, especially if you use the same password for multiple sites.
You can use a good password manager that allows you to create complex passwords for different sites and remember them for you.
We have listed some best password managers that could help you understand the importance of password manager and help you choose a suitable one, according to your requirement.
LeakedSource, a search engine site that indexes leaked login credentials from data breaches, has added the breached data from the Epic Games' forums into its database, which includes the password hashes to allow its users to search for their stolen data.