Epic Games forum hack exposes 800,000 email addresses and private messages

Unreal Tournament: a place where the gruff, wide-shouldered men and women of Epic can live on.

This is clearly the week when hackers decided to turn their attention to game forums. Just as we covered a forum hack against four Funcom games yesterday, now it appears Epic Games’ forums have suffered the same fate.

Like having a digital gun in your digital hands? Check out the best FPS games on PC here.

The developer has revealed email addresses, birth dates and private messages have been compromised on Unreal Engine and Unreal Tournament forums, while email addresses, salted hashed passwords and other data has been swiped from legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games and archived Gears of War forums.

All in all, more than 800,000 accounts have been affected.

As a result, the company recommends any users who have been active on any of the legacy forums since July 2015 should change their password on any sites or games where they use the same passwords as a matter of precaution.

Epic clarifies that “no passwords in any form, neither salted, hashed, nor plaintext” have been taken from its active Unreal Engine and Unreal Tournament forums, claiming “passwords for user accounts are stored elsewhere.” As a result, no password resets have been reset.

“We don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx,” Epic concludes. “We apologize for the inconvenience this causes everyone and we’ll provide updates as we learn more.”

According to PCWorld, the hackers in question have told Leaked Source the hack was carried out by exploiting an SQL injection vulnerability in the forums that vBulletin patched back in June. The hackers have also supplied Leaked Source with a copy of the stolen data.