Read also: Record-breaking Minecraft hack – millions of passwords at risk
Epic Games has chosen not to comment on the hackers’ approach, but the website Leaked Source reports that the attack was made possible by taking advantage of a vulnerability in the forum program Vbulletin. The security hole is already known and was patched in June 2016. Epic Games, however, used an unpatched version of said forum software.
The good news is that the passwords themselves are protected by mathematical methods – and are thus very difficult to decipher. Unfortunately, the hackers can still get away with the rest of the collected data; that is, usernames, IP addresses and birthdays.
Epic Games advises all its forum visitors to change their passwords immediately, especially if the same password has been used on different web pages.