14 DAY TRIAL // Epic Games has reset passwords across its entire forum after hackers managed to obtain access to the underlying database.
An announcement of the hack posted on the forum last week includes a message from the Epic Games CEO Tim Sweeney which reads:
"Our Epic Games web sites and forums were recently hacked. We're working on getting them back up and running, and expect everything to be restored in a few days.
"The hackers likely obtained the email addresses and encrypted passwords of forum users. Plain text passwords weren't revealed, but short or common passwords could be obtained by brute-force attack. "Therefore, we're resetting all passwords. If you have an account on the Epic Games forums, you can request to receive your new password by email it to the address we have on file for you."
It seems the forum was reset to a previous state and everyone will have to repost anything that was posted since last Monday. Accounts registered during this period also need to be recreated.
The good news is that the Unreal Developer Network (UDN) has not been compromised and none of the company's sites stores sensitive financial or customer data.
"We're sorry for the inconvenience, and appreciate everyone's patience as we get our servers back under control," Sweeney concluded.
Epic Games is best known for creating the Unreal game engine which has been used in many success titles, including those in the Unreal series itself.
The hashing algorithm wasn't disclosed so it is hard to say how easy it is for attackers to recover the passwords. Because of this, users should also change their password on other websites where they might have used it, although password reuse is a bad security practice and should be corrected.
In addition, because their email addresses were exposed and their connection to Epic Games is known, users should be on alert for fake emails purporting to come from the game developer.
In related news, Nintendo Europe announced that it's investigating a phishing attack against its customers and has temporarily shut down parts of its website as a precaution.