According to a representative from, an alleged data dump of accounts from Unreal Engine and Epic games are being traded on the darkweb and underground communities.These data dumps consist of 530,590 leaked user accounts from the Unreal Engine forum and 277,944 leaked user accounts from the Epic Games forum.

When contacting Epic Games regarding this breach, I was forwarded to an announcement that they have posted on their site regarding the compromise. According to Epic Games, their vBulletin forums were compromised, but no passwords were able to be accessed as they were stored on another server. They further go on to state that they "don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx."

Epic Games Announcement
Epic Games Announcement

In a small sample provided by LeakedSource, it does not appear that there were  any passwords stored in either of the data dumps. This has been further confirmed by LeakedSource. 

Using the provided sample, I can confirm that the dumps being traded online are legitimate as they contain profile titles and display names that correspond to legitimate users on the Unreal Engine or Epic Games forums. With this said, I still strongly suggest that anyone who has an account on either forum, change their passwords if you use the same password elsewhere.

Epic Games have since taken both forums offline for maintenance, where I am guessing that they are upgrading the vBulletin forums in order to fix any security vulnerabilities.

At this time, Epic Games has not confirmed how the hackers were able to gain access to the company's vBulleting installation. According to Google cache, they were using vBulletin 4.2.2, which has known security vulnerabilities including SQL injection.