Epic Forums Suffer another Breach – Thousands of Logins Stolen
Forums of Unreal Engine and Epic Games were hacked into, resulting in the theft of more than 800,000 email addresses and usernames.The company confirms the hacks but says passwords cannot be cracked easily.
Epic Forums was under fire last year when a hack into its forums led to thousands of accounts being stolen by the hacker. A lot of users were affected by the hack, and the gaming giant had publicly confirmed the hack. A year later, a similar incident has taken place as more than 800,000 usernames and email addresses have been compromised due to a successful breach by a hacker.
The news of the breach was provided by LeakedSource, which managed to obtain a copy of the database. LeakedSource revealed that the hack took place on August 11. Of the 808,000 accounts stolen, more than half a million belonged to Unreal Engine’s forums. The hack has seriously affected the gaming engine and its parent company Epic Games.
The identity of the hacker is unknown, but he is believed to have succeeded in breaching the forums by exploiting a persisting SQL injection vulnerability in the vBulletin software. Doing so allowed the hacker to access the entire database. He then stole huge chunks of accounts, email addresses, IP addresses, scrambled passwords, join dates, private messages and posts made by users, etc. from the database.
Facebook access tokens of users who signed into the forum with their Facebook account were also stolen by the hacker. Although quite a large number of passwords were stolen, it is believed that they are not as easy to crack as those used by users in their Dota 2 and DLH.net accounts. Those forums used MD5 algorithm to store passwords, which can be cracked with software available online. Epic uses better encrypting algorithms, which keeps the passwords better protected.
Epic’s forums were down following the breach, but Unreal Engine’s forums were still active. Although this is a similar hack to the recent Dota 2 and DLH.net hacks, people are not of the opinion that the same hacker is responsible. The vulnerability exploited has been known to experienced hackers for some time now, and the dark net is full of websites where hackers share their knowledge with one another. However, this hack shows once again that even leading gaming companies are not doing away with running out-dated and unpatched forums.
With similar attacks having recently taken place, you would expect other companies to buckle up and start taking things more seriously. This is expected more so from Epic Games, which suffered a similar breach last year. When asked to comment on the situation, Epic Games replied to ZD Net via email that the hack had indeed taken place, and assured them that the company was investigating the matter.
If you’re a gamer and in need of some extra protection, we really recommend getting a VPN suited for gaming.