SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
17 Jul 2015

Epic Games forum hacked

If you’re an avid video gamer, chances are that you know of Epic Games. An email sent out by Epic Games to forum members shares some of the sorry details.

They’re the developers of popular games such as Infinity Blade, Gears of War, Unreal Tournament… and – if you’re as old as me – you might even remember their founder Tim Sweeney’s classic DOS era shareware game ZZT. In other words, they’re great at making video games.

“Maintenance tasks” sounds harmless enough, doesn’t it? But it’s not telling you the full story. Because what’s really happened is that hackers managed to compromise the forum, and may now have their paws on members’ usernames, email addresses, passwords, and dates of birth. The Epic Games forum is offline as they are resetting passwords and (hopefully) improving their security. If you were a member of the forum you should not only reset your password when you next access the site, but also change your passwords anywhere else on the net if you were using the same credentials.

Furthermore, be aware that hackers might now have your email address and other personal information such as dates of birth. They may even have read private messages that you exchanged on the forum. All of this data could be abused to create carefully crafted phishing messages designed to dupe you into making unwise choices, or tricking you into clicking on dangerous links or attachments.

No details of precisely what went wrong have been shared publicly, but it’s possible that software being used to run the forum was not being properly maintained with updates, and that the hackers were able to exploit a vulnerability to gain access. When I looked at a cached version of the Epic Games forum I found it was still using VBulletin 4.2.0 as its forum software, which should have received a number of updates and security fixes in the last couple of years.

Another potential explanation could be that a hacker managed to phish credentials from a moderator of the Epic Games forum, logged into the moderator’s account and was able to escalate their privileges to such an extent that they could steal users’ credentials. VBulletin itself suffered a damaging hack in November 2013, which saw hackers run off with user IDs and hashed passwords, and the popular Apple News site MacRumors had its 860,000 members put at risk after its VBulletin forum was compromised.

Earlier in the same year, Ubuntu Forums was brought down after a hacker exploited a security hole in its vBulletin software, and defaced it with a picture of a gun-wielding penguin. So, it’s clear that if you are running a web forum you need to treat its security as a priority – you owe it to your members to do that. And as regular users of the internet, we must all adopt sensible password practices. That means not just choosing complex, hard-to-crack passwords that hackers won’t be able to guess. But also making sure that each password we use on the net is unique.

Because, when a hack like the one that’s just occurred at Epic Games happens, there is always the danger that hackers might try to use the passwords they have stolen against other online accounts. So, if you are using the same password at Epic Games that you are using at, say, your Gmail account – they might be able to unlock much more of your online identity, with the resulting potential for mayhem.

Of course, you’re only human. And you can’t remember more than two or three complex, gobbledygook passwords. So, my suggestion to you is that you should stop trying to remember them. Instead, get on the bus with a good password manager that will dream up and remember all of your internet passwords for you, and store them in an encrypted vault. That way, you only need to remember *one* strong complex password. There are also some tips on how to remember strong, unique passwords.

Tags:
hackers information leaks
Source:
HotForSecurity
2716
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015