Epic Games forum hack underscores the need to install security patches

The hack stole emails and hashed passwords from 808,000 users

A recent data breach at Epic Games may have been avoided if the company had simply installed a security patch.

On Monday, Epic Games reported that its internet forums had been compromised. The leaked data includes email addresses and hashed passwords taken from legacy forums at Infinity Blade, previous Unreal Tournament games, and an archived Gears of War forum.

Epic Games declined to explain how the leak occurred, but a website that stores information on data breaches said hackers were responsible and that 808,000 users are affected.

The anonymous attackers targeted the vBulletin forum software on Aug. 11, according to the website Leaked Source, which has been in contact with the hackers.

It was done by exploiting an SQL injection vulnerability that vBulletin patched back in June. The hackers then supplied Leaked Source with a copy of the stolen data.

Although the stolen passwords may not be crackable, the hackers still came away with other information including usernames, IP addresses, and birthdays, Leaked Source said in an email.

The breach underscores the need for companies to quickly update their software and to test them for vulnerabilities, security firms said on Tuesday.

SQL injection attacks have been around for more than a decade, but they still remain a problem, said John Smith, a principal solution architect at Veracode. The company has found that one in five enterprise applications had at least one SQL Injection vulnerability.

IT administrators may face a challenge patching every bit of old software they run, but they still need to develop processes to ensure that everything is up to date, said Deral Heiland, a researcher at Rapid7.

“Although Epic claims that most of the password hashes are not easily cracked, it’s important for users to remember that with motivation and time nothing is impossible,” he said in an email.

The danger is that users may have used the same passwords across multiple internet accounts.

“If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password,” Epic Games said on Monday.

The company said its current Unreal Engine and Unreal Tournament forum were also breached, but no password data was stolen.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?