Unreal: Epic Games Hacked

By John Walker on June 13th, 2011 at 10:24 am.

Too easy.

Hack hack hack. The crackers of the world are going after the gaming internet like an axe murderer at a Spring Break bikini party. The most recent victims, after Codemasters last week, are Nintendo, and more pertinently for our crowd, Epic.

According to Eurogamer, Nintendo’s attack was a phishing attempt that they say was on a server that does not contain customer’s bank or address details. However, they’ve still taken bits of the site down to be sure. Whether email addresses and passwords were taken hasn’t been mentioned.

Such email data at Epic might not be quite so secure. Epic’s Tim Sweeny has posted to their forums explaining that both their websites and forums were attacked, and expect things will return in a couple of days. However, email addresses and encrypted passwords were nabbed. And because so many people insist on using simple passwords, it means many accounts would be vulnerable, so they’ve reset all the passwords. Once again, all bank and credit card details are apparently safe.

No meaningful pattern seems to be emerging in these attacks, but they seem to be purely malicious phishing attempts, perhaps motivated by the dramatic success of Sony’s takedown, rather than hacker prowess or revenge-motivated meddling. It would seem a good idea for those in the industry yet to be attacked to be redoubling their security, perhaps getting some friendlies to hunt for vulnerabilities before the baddies get them first.

, , , .

50 Comments »

  1. poop says:

    epic fail? you can do better than that, john

    • timmyvos says:

      That’s probably the reason the alt-text is “Too easy”.

    • Davee says:

      You’ve been sitting on that image for a loooong time, haven’t you, John? :)

      But more on-topic, these attacks are becoming a real annoyance – I don’t want to be changing my passwords all the damn time!

    • Premium User Badge

      lurkalisk says:

      I believe the alt text is in reference to how easily he semi-matched the font EPIC uses. Yep.

    • Text_Fish says:

      It could just as easily have been used for reviews of any of Epics games for the past five years. Ah-well.

  2. Valvarexart says:

    They need to put up rewards if you manage to find exploits so that they can patch them. That would encourage the baddies to be goodies instead.

    • johnpeat says:

      Not everyone is incentivised by money and I think you’ll find that ‘goodie’ and ‘baddie’ are rather harder to define than you might imagine…

    • Valvarexart says:

      Yes, yes of course I forgot about “lulz anon is legion XD”. What would be the incentive to hack Epic? I can understand Sony. But I imagine these ones are mostly for profit or for fame or for whatever. Most likely they are not targeting any single company, but the ones that got hacked were the ones with lower security.

    • Premium User Badge

      Shakermaker says:

      I fail to see as well how this hack could be white hat.

    • Recidivist says:

      @Valvarexart

      What has this got to do with Anon? LulzSec claimed responsibility for Sony’s hack (And Nintendo), and I can imagine it was probably them that did both CodeMasters and Epic. They have no reason. They are neither white hats nor black hats, just ass hats.

    • Valvarexart says:

      The point I was trying to make was just that, they are just plain normal asshats.

    • jon_hill987 says:

      Some men aren’t looking for anything logical, like money. They can’t be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn.

    • bascule42 says:

      Cue EA setting fire to the forest.

  3. bleeters says:

    What a rabble of bastards.

  4. Dana says:

    According to lulzsecs twitter, Bethesda/Brink servers will/were hacked as well. If its newsworthy.

  5. Premium User Badge

    bglamb says:

    “Nintendo’s attack was…”

    You make it sound like Nintendo are hacking Epic.

    • RC-1290'Dreadnought' says:

      How else would Nintendo have come up with a console that features slightly higher resolutions.

  6. Raiyan 1.0 says:

    Why would you do this to Epic? They released UDK for us PC gamers! :(

    • tanith says:

      They let down the Linux Gamers with Unreal Tournament 3.
      Enough reason or me to hate them so all I can do is laugh at them at the moment.

  7. The Hammer says:

    So, when will Steam get hacked?

  8. Uglycat says:

    Probably done in revenge for UT2k3

    • thegooseking says:

      That’s a hell of a delayed response. UT2k3 was released closer to DNF’s announcement than it was to DNF’s release.

      Hmm. I like this way of putting perspective on release dates.

  9. jalf says:

    If we’re lucky, this will make the games industry realize that security is hard, and maybe, just maybe, it’s not a great idea for every goddamn studio and publisher to require us to create an account with them, where *they* store our password.

    Dear games industry, if you absolutely *must* require us to create 14 different accounts for everything, then at least outsource the security to professionals, and allow us to log in with, oh, I dunno, OpenID, Facebook Connect, or whatever else. Something that has more security muscle behind it than the intern who’s running your website.

    • thegooseking says:

      The problem with that is that then people hack your OpenID or Facebook (and you know someone will if that becomes the biggest target) and have access to everything. That’s not my idea of secure.

    • pepper says:

      I dont want a stupid account to play a game online anyway, I dont care for stats or ranks or unlocks or achievements or … Just gimme a CD-key and a way to get a new one in case some asshat is using mine, and il be a happy chum. Half-life and the first Battlefield, those cd key systems are all we need.

      Heck, I noticed I have less reason to go play online with the current system, because of the hassle of it all.

    • tanith says:

      @thegooseking
      Yeah but contrary to others some people and companies actually CARE about their security, that’s why we never hear about those hacks or rather about those attempts.

    • Pointless Puppies says:

      it’s not a great idea for every goddamn studio and publisher to require us to create an account with them, where *they* store our password.

      Oh, no! Not the password of my Brink account! Anything but that!

      The only reason why you would object to Epic/Bethesda/whoever having passwords is if you use the same password for everything, meaning if one of them gets hacked then you’re screwed. In which case it’s YOUR fault for having the same password on everything.

      Although I think differently for accounts that store credit card numbers. Those DO have to be very secure and their systems not just haphazardly thrown together.

  10. Coins says:

    So, are all these companies blindingly incompetent or what?

    • DuckSauce says:

      I wouldn’t call Epic so incompetent though, at least they reset the passwords themselves, Codemasters on the other hand… I can’t get to their site, the e-mail they sent me doesn’t tell me where I need to go instead to reset my password, but it does tell me to do so… but how?

      Now, at least Epic’s stuff ain’t down for days and they’ve got some nifty automation with the whole mass password reset, even if their protection isn’t the best, their damage control is at least better handled… also only encrypted passwords were stolen, from what I heard from other recent hacks, it didn’t say if they were encrypted or not(I sure hope they were, seriously… the hell would they be doing have unencrypted passwords stored)

      But yeah, they still got hacked D:

    • Pointless Puppies says:

      Getting hacked =/= blindly incompetent. Suggesting that they are is incredibly stupid, I must say.

  11. Teddy Leach says:

    Now accepting bets for who’ll be next.

    • jon_hill987 says:

      Valve are the biggest one left I think. I’m hoping they have some pretty damn good security against these things though.

    • Tei says:

      Valve got hacked with the leaks of HL2, so probably are butt hurt, and take things seriously. Maybe part of his success is because of this. When things are well run, not only security is right, things can be faster. If you have a server poorly managed, odds are that will also have poor uptimes, and be slow.

    • Gnoupi says:

      Well, at least it now takes extra steps to login to a Steam account. But for those who use the same password for mail account and Steam, I guess it doesn’t matter as much.

      Besides, I don’t think Steam keeps your card info in DB. They ask you for it every time. But of course, you never know.

      There is a bigger “fish”, in my opinion, with Activision/Blizzard. And these ones have the credit card info from their customers.

    • Dana says:

      Steam Guard will protect me.

    • Lukasz says:

      Something does keep your credit card info. Whether it is valve or someone else has access to that details i can be sure but when i buy stuff through steam i don’t need to input the numbers anymore. it just ask whether it is the correct card (all numbers are hidden except last few ones)…

      so if steam databases get hacked damage can be enormous…

    • Deano2099 says:

      This is Blizzard’s domain though. I mean my WoW account has an RSA authenticator, so it’s more secure than my bloody bank account.

  12. Gnoupi says:

    Seems really juvenile. I guess it’s what they call “for the lulz”.

    For Sony, you could see a motive, a reason why, even if not agreeing with. Some kind of self-righteous vigilante justice.
    But now, it’s like they just randomly pick a name and go after it. What’s the point? Oh, that’s right, it makes the few teenagers behind those attacks laugh a lot in the comfort of their parents’ home. Meh.

    • Premium User Badge

      Malibu Stacey says:

      You’re one of those people who think there is some sort of concerted effort to crack into certain companies.
      Little newsflash, it doesn’t work like the movie “Wargames” in the internet age.

      People write tools that take a range of IP addresses & try various known vulnerabilities on them. If the exploit is successful, it gets logged or someone gets a notification & they can then use that to infiltrate the network further. If it doesn’t work, they don’t even notice as it’s an automated program doing tens if not hundreds of tests every second.

    • Premium User Badge

      FriendlyFire says:

      I’m sorry but that explanation doesn’t stand. These automated tools have been around for years. How come all the sudden a large amount of game studios and companies get hacked? I could understand happenstance for one or two, but now there’s clearly a trend.

      People, not necessarily the same group, are targeting game companies for one reason or another, but it very probably is tied to Sony’s demise.

    • Ignorant Texan says:

      FriendlyFire-
      I believe you are onto something with it being tied to SONY. It could be either A)if SONY handles their own security, they have proceeded to sell their ‘solution’ to other gaming companies, or B)if Sony ‘outsourced’ their security, the third-party provider then sold their ‘solution’(I hear this corp-speak in my job, they all use the same buzz words) as ‘if it’s SONY’s preferred security ‘solution’, then shouldn’t it be yours?’. Either way, SONY’s back-doors/holes are everybody who uses the same ‘security’s’ holes/back-doors.

      Biz-Speak Gibberish to English Definitions
      Solution – Product or Service
      Outsourced – Paying someone outside a company to do a job, and thus, give the appearance of saving money

  13. djbriandamage says:

    John is beyond awesome for knowing the difference between hackers and crackers. For the layman, hackers = good happy curiosity, crackers = terribad malicious fudgeknocker.

    • Rhin says:

      I hate that simplification just as much.

      Hacker
      1. – A tinkerer
      2. – (colloquial) A malicious technological attacker

      Cracker
      1. – a type of biscuit
      2. – (possibly offensive slang) a white guy
      3. – Hacker definition 2
      4. – an implement used to crack things (crab legs, walnuts, passwords, etc.)

    • thegooseking says:

      5. A 1990′s detective show starring Robbie Coltrane.

    • Acorino says:

      Wouldn’t you call people who release cracks, I dunno, crackers? No? Huh.

    • Sleepymatt says:

      6. An awesomely stupendous and/or good-looking thing/person
      7. mental

    • Vague-rant says:

      6. Novelty Christmas item

  14. Hoaxfish says:

    Someone in malaysia hacked my email on the weekend, sent spam links to everyone on my contact list, and then deleted my sent mail to cover the crime… I feel like I’m a real game developer now!

  15. Josh Brandt says:

    Next victim: Club Penguin! Oh the humanity!

  16. MythArcana says:

    I got my notice from Epic today (ironically, I also had my vehicle stolen overnight, as well), but I bought my copy of UT3 on E-Bay and frankly that profile won’t win any awards. But…this all must go on to test these companies who regulate our personal info. Now…for the dirty illegal bastard who took my livelihood, I can never forgive.