Epic Games warns of forum breaches

August 23, 2016 // 1:08 p.m.

Tags: #breach #data-loss #forum #hash #hashing #insecurity #password #salt #security #vbulletin

Epic Games has warned of a breach into its forum, which has leaked password personal information - including password hashes for legacy forums covering older titles.

According to a statement released earlier today, an attacker or attackers unknown succeeded in breaching the database associated with Epic Games' vBulletin-powered Unreal Engine and Unreal Tournament fora. As a result, data including 'email addresses and other data entered into the forums' was exfiltrated. The breach did not, however, include access to passwords used for forum user accounts.

The same cannot, sadly, be said of a seemingly related attack on fora related to legacy Epic Games titles including Infinity Blade, the Unreal Development Kit, earlier Unreal Tournament titles, and the archived Gears of War forum. This attack, Epic admitted, 'revealed email addresses, salted hashed passwords and other data entered into the forums.'

Epic's use of salting - in which a special randomly selected value is included before hashing a password, meaning that two otherwise-identical passwords hash to two very different finished hashes - means the passwords will be significantly more difficult to crack than would otherwise be the case. Sadly, this offers little protection for short and otherwise easily-guessable passwords.

'If you have been active on these forums since July 2015,' Epic said of the legacy fora breach, 'we recommend you change your password on any site where you use the same password.' Those with accounts solely on the Unreal Engine and current Unreal Tournament fora, meanwhile, do not need to reset their passwords and can continue using the site as normal.
Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU