Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Epic Games forums hacked again, thousands of account logins stolen

The Epic Games forums hacked again, more than 800,000 logins accounts have been stolen, with more than half a million from Unreal Engine’s forums. Epic Games forums breached again, salted passwords of 808,000 Unreal Engine and Unreal Tournament forum accounts have been exposed. The stolen records from Epic Games include email addresses, birth dates, and […]

Epic Games forums hacked again, thousands of account logins stolen

The Epic Games forums hacked again, more than 800,000 logins accounts have been stolen, with more than half a million from Unreal Engine’s forums.

Epic Games forums breached again, salted passwords of 808,000 Unreal Engine and Unreal Tournament forum accounts have been exposed. The stolen records from Epic Games include email addresses, birth dates, and private messages.

Security experts are critics on the level of security implemented to protect users’ data, in response the company clarified that passwords were not compromised on the Unreal forums and for this reason it will not force the account resets.

“We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext.  While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset.” reads the official statement issued by Epic Games.

Accounts active since July last year used on older game forums including legacy Unreal Tournament titles, Gears of War, and Infinity Blade were compromised and associated salted passwords exposed.

At the time I was writing the Epic Games’ forum was down for maintenance, meanwhile, the Unreal Engine forums were still active.

Epic games forum hacked once again

The hackers compromised the forums exploiting a SQL injection vulnerability in their outdated version of the vBulletin CMS.

The attackers also had access to the Facebook access tokens included in the database for those users who signed in with their social account.

Breach notification website LeakedSource.com that has analyzed a copy of the stolen database, confirmed that the attack launched on August 11.

The experts from Epic Games are still investigating the incident.

Unfortunately, this isnìt the first time that Epic Games has suffered a data breach, last year, the gaming company was the victim of the hackers that stole thousands of accounts’ data.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Epic Games, data breach)