Epic forums subject to epic hack, have been shutdown as a result. Users advised to change passwords and beware of spam.
Epic Games have taken the conscientious and brutally honest step of sending out emails to every registered member of the Epic forums, alerting them to a hack that has occurred on their forum platform. There’s no indication of when the hack took place, but the net result is the Epic forums are offline now.
Here’s the email in full:
Dear Epic Games Forum Member,
We have just discovered that the Epic Games forums located at https://forums.epicgames.com were compromised by a hacker. We are sorry to report that the incident may have resulted in unauthorized access to your username, email address, password, and the date of birth you provided at registration.
We have taken https://forums.epicgames.com offline. When the site reopens, your password will be reset. If you use the same password on this site which you use on other sites, we recommend immediately changing your password on those sites as well.
The affected forum site covers UDK, Infinity Blade, Gears of War, Bulletstorm, and prior Unreal Tournament games. However, the separate forum sites covering Unreal Engine 4, Fortnite, and the new Unreal Tournament were unaffected.
We apologize for the inconvenience this causes everyone. To further understand what’s happened and prevent it in the future, we’re working with a computer security firm to identify the nature of the compromise. We will report further information on the forums when they reopen.
While the investigation into the security compromise is ongoing, we are reaching out to you directly to let you know of the potential unauthorized access to information you provided at registration. It is possible that any information stored or sent by you using the forums may have been accessed. Since this is a public forum, we do not collect or maintain financial information, but we advise you to be alert for suspicious email such as phishing attempts.
Thank you for being a part of our community, and for your attention to this issue.
The Epic Games Team
The takeaway message is this folks:
While the Epic forums had no access to financial data and stored nothing more than (relatively) basic personal information, any and all information you have posted or received on the Epic forums, or was held within your account, may have been compromised.
That may include your password, and when the Epic forums come back online you will have to change your password, but that’s not an end to this.
If you’re one of those foolhardy people who uses one password for everything, including your email address, then you need to go and change your email password. Whoever hacked the Epic forums may now have (in amongst a load of useless waffle about Gears of War and the like) the two things they require to login to your email – that’s your email address, and your password that you use everywhere – and you need to remedy that ASAP.
Even if they’re not making use of it, they’re probably selling it on as we speak.
You can always check to see if your account has come up on a list of compromised accounts published by hackers at haveibeenpwned.com, but that’s not an exhaustive list, and certainly won’t be up-to-date with the current Epic forums breach.
You have been warned.