Epic Games forums hacked, user data stolen

The forums of popular game development company Epic Games have been hacked, and the users’ username, email address, password and date of birth have likely been compromised.

You wouldn’t know it, at first glance, because the company didn’t share this information on the forums website, which just says: “We’re performing some Epic maintenance tasks. Everything will be back shortly!”

But the company has sent out breach notification emails to registered users, explaining that when the forums are back online, users will be required to change their passwords because the company will reset them all.

It’s also possible that any of information stored or sent by the users via the forums (private messages to other users, for example) has been compromised, the email says.

“The affected forum site covers UDK, Infinity Blade, Gears of War, Bulletstorm, and prior Unreal Tournament games. However, the separate forum sites covering Unreal Engine4, Fortnite, and the new Unreal Tournament were unaffected,” the company pointed out.

Epic Games has still investigating how the breach happened with the help of an unnamed computer security firm, but according to Graham Cluley, it’s possible that the attacker exploited vulnerabilities in the vBulletin software on which the forums are run.

“When I looked at a cached version of the Epic Games forum I found it was still using VBulletin 4.2.0 as its forum software, which should have received a number of updates and security fixes in the last couple of years,” he noted.

Users are advised to change the password on other sites and online services if they used the same one that they used on the forums, and to be on the lookout for phishing emails.