In what is now becoming a widespread problem for the vBulletin platform, this time Epic games forums were hacked.
Epic issued the following statement explaining exactly what has happened.
We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset.
Also, we believe a compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password.
We don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx.
We apologize for the inconvenience this causes everyone and we’ll provide updates as we learn more.
Epic has put the affected forums into maintenance mode while they investigate further.
This is the second large user account breach tied to Vbulletin forums, the first was Funcom which we reported earlier today. Our advice would be to make sure your passwords are changed if you used either the Epic or Funcom boards. It seems likely that like other hacks of vBulletin boards in the last week, this new rash of attacks on gaming boards may be leveraging known SQL injection vulnerabilities to target out-of-date versions of the software. But since there is no real evidence for this, it could be possible that a vBulletin 0-day exploit has been used in the attacks.
