Epic Games, Epic Fail: Forumers' info blown into dust by hack
Company sorry for the inconvenience caused. Great
Epic Games, known for its Unreal Engine and the Gears of War series, sent a grovelling letter to its forum users this morning explaining that a hack "may have resulted in unauthorised access to your username, email address, password, and the date of birth you provided at registration."
Emails announced that the company has taken the forums offline, following a compromised by "a hacker". Although the company does not collect or maintain financial information on its forums, it additionally advises its members "to be alert for suspicious email such as phishing attempts."
Epic Games announced that "when the site reopens, your password will be reset. If you use the same password on this site which you use on other sites, we recommend immediately changing your password on those sites as well."
This raises numerous questions regarding the security procedures involved in the storage of those passwords, which are typically stored as salted hashes, specifically to prevent the 32-byte strings from being simple (if time-consuming) to reverse.
Epic Games states that, "to further understand what's happened and prevent it in the future, we're working with a computer security firm to identify the nature of the compromise. We will report further information on the forums when they reopen."
Users were emailed directly to let them know "of the potential unauthorised access to information you provided at registration."
The Register contacted Epic Games for comment and we are awaiting a reply. ®