Hacked: Epic Games forums
Reusing a password on multiple sites is a recipe for disaster. Why? Well, the password is now only as safe as the weakest site. For example, if you use the same user credentials for a shopping site that you do for a banking site, and the shopping site is hacked, your banking password is now exposed. Bad guys will try stolen credentials on various sites looking for where they might work.
Today, Epic Games, maker of popular games like Unreal and Infinity Blade, announces that its forums have been hacked. Now, if you don't reuse passwords, that isn't a huge deal, right? Sort of. True, your discussions about games might not be particularly sensitive, but you may still feel pain.
"We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset", says Epic Games.
But your passwords could still be as risk. As the company further shares, "also, we believe a compromise of our legacy forums covering Infinity Blade, UDK, previous Unreal Tournament games, and archived Gears of War forums revealed email addresses, salted hashed passwords and other data entered into the forums. If you have been active on these forums since July 2015, we recommend you change your password on any site where you use the same password".
We have placed our forums in maintenance mode while we investigate the recent compromise.
— Epic Games (@EpicGames) August 23, 2016
Unfortunately, since the hack includes email addresses and data entered into forums, this could reveal the identity of someone who wanted to stay anonymous -- plus their posted content. For instance, maybe John Smith goes by the username of SexyMan123, but his email address is JohnSmith@ -- hackers could expose him as SexyMan123, including any associated content he posted. This could prove quite embarrassing -- especially if private messages leak.
OK, maybe this hack is not the end of the world for many folks. There are a couple takeaways, however. One, if you are someone that reuses passwords, you will want to stop that practice immediately, and update your credentials on other sites where that password is being used. Two, If you believe you are ever anonymous on the internet, and think your private messages will always stay that way, think again.
Are you a user of the Epic Games forums? If so, tell me how you feel about the hack in the comments below.
Image Credit: chevanon / Shutterstock