Petrovic Posted August 23, 2016 Share Posted August 23, 2016 According to a representative from LeakedSource.com, an alleged data dump of accounts from Unreal Engine and Epic games are being traded on the darkweb and underground communities.These data dumps consist of 530,590 leaked user accounts from the Unreal Engine forum and 277,944 leaked user accounts from the Epic Games forum. When contacting Epic Games regarding this breach, I was forwarded to an announcement that they have posted on their site regarding the compromise. According to Epic Games, their vBulletin forums were compromised, but no passwords were able to be accessed as they were stored on another server. They further go on to state that they "don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx." Epic Games Announcement In a small sample provided by LeakedSource, it does not appear that there were any passwords stored in either of the data dumps. This has been further confirmed by LeakedSource. Using the provided sample, I can confirm that the dumps being traded online are legitimate as they contain profile titles and display names that correspond to legitimate users on the Unreal Engine or Epic Games forums. With this said, I still strongly suggest that anyone who has an account on either forum, change their passwords if you use the same password elsewhere. Epic Games have since taken both forums offline for maintenance, where I am guessing that they are upgrading the vBulletin forums in order to fix any security vulnerabilities. At this time, Epic Games has not confirmed how the hackers were able to gain access to the company's vBulleting installation. According to Google cache, they were using vBulletin 4.2.2, which has known security vulnerabilities including SQL injection. Article source Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted August 23, 2016 Share Posted August 23, 2016 vBulletin 4.2.2, vulnerabilities including SQL injection seen this befor Link to comment Share on other sites More sharing options...
Holmes Posted August 23, 2016 Share Posted August 23, 2016 We are going to keep seeing breaches with companies continuing using vulnerable website and forum software. I dont know why they dont update there software and keep it updated. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.