Epic Games Confirms Unreal Forums Hacked, Email Addresses Nabbed
We hear about hacks and attacks on web services all of the time, and often, there's a big reason behind it. The attackers either want to fetch information for their financial gain, or just to simply cause havoc. In this latest case involving Epic Games' forums, it appears to be the latter.
In a new blog post, Epic says that it believes its Unreal Engine and Unreal Tournament forums have been compromised, with the attackers gaining access to email addresses and other information. Fortunately, no passwords were included, whether salted or not. This points to a smart design: while the bulk of the information was stored in a singular database, the passwords were kept separate. Other companies hosting web services should consider this same design.
In addition to the UT-related forums being compromised, Epic also believes that its legacy forums covering Infinity Blade, UDK, older Unreal Tournament games as well as Gears of War also had their data leaked. In this particular case, salted passwords were included in the dump. The company recommends that if you've used those forums at any point from July 2015 to now, you should consider your password compromised.
The company says that it doesn't currently believe that its forums surrounding Paragon, Fortnite, Shadow Complex, or SpyJinx has been affected.
Epic vows to provide more information as it comes, but in the meantime, if you participated in any of the affected forums, you should consider your password compromised and take steps to update it. If you happened to use the same password for other services, it'd be important to change those as well - just to be safe.