Another video game forum hack puts 800,000 gamers at risk
More than 800,000 gamers’ data has been stolen in a confirmed cyber attack on a game development company’s online forums. According to ZDNet, cyber criminals stole more than 808,000 account details from Epic Games, including more than half a million from the Unreal Engine forums.
The data includes usernames, scrambled passwords, email addresses, IP addresses, dates of birth and details of online activity including users’ posts and private messages.
It is believed a hacker gained access to the database using a known vulnerability in an old version of the vBulletin forum software.
Epic Games posted a statement on its website to clarify what happened.
It said a compromise of the Unreal Engine and Unreal Tournament forums did not reveal any passwords because they are stored elsewhere.
However, attacks on its “legacy forums”, including Infinity Blade, UDK, previous Unreal Tournament games and archived Gears of War forums revealed salted, hashed passwords.
“We apologise for the inconvenience this causes everyone and we’ll provide updates as we learn more,” it said, advising users whose passwords may be affected to change them on all sites where they use the same credentials.
That said, cyber security experts advise users not to reuse passwords on multiple sites to avoid further compromises in situations like this.
The data, which is believed to have been stolen on August 11th, is available to search through on breach notification website LeakedSource.
The breach is reminiscent of previous attacks on gaming websites.
In July, nearly 1.6 million gamers’ details were stolen after a forum for the popular mobile game Clash of Kings – which was also running an old version of vBulletin – was hacked.
“This is a dishonest breach of its fans privacy and it’s sincerely sorry for the invasion,” the company behind the game said in the aftermath of the breach.
“Elex is cooperating with law enforcement agencies to investigate this criminal act. Any and all parties responsible for this malicious act of cyber terrorism will be held accountable.”