Unreal Engine Forums Hacked on August 11th - Change Your Passwords!

Notice: The Unreal Engine Forums were hacked on August 11th
530,147 Accounts Affected

Some people are already aware of this. Epic Games has made an announcement about it here, but many people might not have seen this announcement. If you have already changed your password since this breach, you should have nothing to worry about. If you were unaware of this breach, however, you should still change your passwords.

Dear Unreal Engine Community,

I am sad to inform you all that today I received a message notifying me about our personal data being leaked. Unreal Engine Forums were hacked on August 11th and the personal information of 530,147 people was stolen. If you have an Unreal Engine account from before August 11th, 2016, I strongly encourage you to change your UE password immediately! I would like to spread awareness to everyone if possible.

To confirm whether or not you have been hacked, you can perform a HaveIBeenPwned search and a LeakedSource search. If you have never done one of these searches on yourself, the results may be shocking.

Data Stolen (According to LeakedSource.com): Username, hash, email, register_date, last_login, ipaddress, salt

HaveIBeenPwned Email I Received:

Sincerely,

0mnipotent

This is months old and Epic -did- make a statement at the time, but still a good reminder to people. If I recall correctly, it was only the old forums that were hacked, not the current one, so users here should be fine.

I never used the old forums, along with some of my colleagues, but we still show up as being breached on HaveIBeenPwned. I created my account back in 2014 when UE4 was first released to the public. Unless I am confused, it affected users here.

For a second I was like… NOT AGAIN!
Then I realized you’re referencing the old hack.

Appreciate your desire to inform people, but this is false.

https://www.unrealengine.com/news/information-regarding-recent-forum-compromise

Whoops, sorry for scaring some of you who may have already known. Thank you very much for the article with proof. I couldn’t for the life of me find anything about them announcing it. I for sure never received an email warning me about it (which should have been the go-to here IMO).

I am disappointed with how they made the announcement because only people active during that time would have seen that announcement. But at least they made one. Removed the false info in the OP and added a notice.

Can you change the password page to reveal what the upper password size limit is? After having a few accounts stolen, I’ve started using LastPass to manage my passwords. Since I don’t need to remember the passwords anymore, I might as well use a huge password. I tried a 25 character password but the web page didn’t tell me my password change didn’t take. I had to keep lowering the character limit. It’d be nice to see the limit and get feedback like PASSWORD CHANGE REJECTED --> TOO MANY CHARACTERS, or that passwords can’t contain curly braces, etc.

Thanks