Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security

Epic Games Forums Hacked, Again (betanews.com) 38

An anonymous reader writes: Epic Games, maker of popular games such as Unreal and Infinity Blade, announced today that its forums have been hacked. Now, if you don't reuse password that isn't a huge deal. But if you have used the same password on any service, perhaps even a variation of that password, you will want to ensure that you have changed password of all your accounts. In the meanwhile, here's Epic Games: "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset", says Epic Games.ZDNet is reporting that thousands of passwords have been stolen.
This discussion has been archived. No new comments can be posted.

Epic Games Forums Hacked, Again

Comments Filter:
  • Epic Games says passwords were not taken in any way. ZDNet says they were. Summary says to change your passwords elsewhere if they're the same or similar.

    Are we assuming Epic Games is lying about the scope of the breach?

    • Are you assuming the "editors" edit?
      Are you assuming the "anonymous reader" who posted this submission wasn't a bot or a Slashdot "editor" filling a daily quota of shitty front page articles?

    • There were two different compromises. One of them involted salted+hashed passwords, the other involved no passwords. Crappy ZD clickbait headline+poor /. editing.
  • likey more forums sql injection.

    It seems like just about any forums site out there is open to that.

  • There games are not compatible with Windows 7 with unreal tournament 99 and ut2004 has issues with Windows 10.

    I just bought them on steam and disappointed. Was about to register an account on epic forums and glad I didn't

  • by ilsaloving ( 1534307 ) on Tuesday August 23, 2016 @11:20AM (#52756257)

    I'll get this in now before it gets buried in comments: Use a password manager. The internet is too risky to be re-using passwords. Although there are various free ones out there, I went and bought 1password. It runs on Windows, OSX, iOS and Android. It has a read-only version that works in Linux. (I wish they'd make a Linux version, but as of yet, they haven't) It also has plugins for every major browser out there. It can also sync your passwords between multiple devices.

    You can use it to keep track of all your passwords, and will even generate random passwords for you.

    Nowdays, the risk of password re-use is just too high, and you're basically playing russian roulette with someone from a far off country just itching to steal your identity info, or cause havoc in some other way.

    • Wow, I just checked, and the field has gotten a lot bigger than I last remembered:

      http://alternativeto.net/softw... [alternativeto.net]

    • You can also take the habit to always log in to your services through the "I forgot my password" options. At least it saves you from having to remember the password to your password manager!
      • This just opens up more opportunities for a MITM to screw with you. E-mail is not secure. SMS is not secure.

    • Although there are various free ones out there, I went and bought 1password. It runs on Windows, OSX, iOS and Android.

      1Password is nice if you don't mind paying separately for each platform you want to run it on. I used it a long time ago but dropped it when they started this. There are too many other options out there, both free and commercial, that support multiple platforms for a single fee.

      • That is true. I went ahead and bit the bullet cause I couldn't find anything else that had it's feature set. It's broad platform and browser support, multiple vaults, and general polish of the application are very benefits to me. I was also able to get the desktop version on sale, which also helped. :)

        The only thing missing for me, is the lack of Linux support, and it's limited sync support (ie: It only supports dropbox and icloud).

        If you can suggest a tool that can do what 1password does, AND supports

    • Mozilla has their own password manager as part of their sync service.

      And if you don't trust them, you can even sync using your own home server (I think I remember that you need WebDAV for that.)

      And that one works *also* on Linux.

      And in addition to a password manager, you should enable 2 factors on anything critical: Your banks, e-mail address that you use for password recovery, OAuth and OpenID providers that you use to log elsewehere (like Google or Facebook), etc.

  • by Anonymous Coward

    You have to log into an Epic account if you do any work with UE. Thanks a lot Epic, you're really inspiring me to choose you over CryEngine or Unity.

    • You mean like every other company out there now? DCS, Blizzard, EA, GoG, Steam, Microsoft, Autodesk, Adobe.....These are just the clients i personally have installed.
  • by Anonymous Coward

    My Slashdot password is

    is my Epic Games password XOR'd with a randomly-generated password, then XOR'd with my Epic Games password again (twice is better than once!).

    All of my other important passwords follow the same pattern, but with a different randomly-generated password.

    I guess I'll have to go change them all now.

C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup

Working...