Pierluigi Paganini July 16, 2015

Epic Games announced that one of the forum websites it maintains has been hacked and the attackers have gained access to users’ sensitive data.

Epic Games is one of the most popular video game development companies, Unreal Tournament, Jazz Jackrabbit, Gears of War, and Infinity Blade are the most popular game series designed by the gaming firm.

Epic Games has announced that one of the forums it maintains has been hacked, the firm has informed the users via email.  According to the Epic Games, bad actors have compromised users’ records, including usernames, passwords, email addresses, and dates of birth.

The forum has more than 260,000 registered members, as usually happen in this case the company will reset the password urging users to change their password if they are shared on other web services.

Despite the forum database doesn’t contain financial data, users are exposed to cyber attack, threat actors, for example, they could use the stolen data to run phishing campaign.

At the time I’was writing the forum is down for maintenance.

The breached forum at forums.epicgames.com is ordinarily used by players of games like Bulletstorm, Infinity Blade, Gears of War and Unreal Tournament. According to Epic Games firm, the players of Unreal Engine 4, the new Unreal Tournament, and Fortnite uses different forums not breached by the hackers.

The Epic games firm has disclosed details of the attack, security expert speculate that hackers may have exploited a vulnerability in the CMS, in the specific case the company used the vBulletin 4.2.0, a version that is affected by known vulnerabilities.

The Epic Games will share more information on the data breach once the website is restored.

Pierluigi Paganini

(Security Affairs – Epic Games, data breach)