According to a representative from LeakedSource.com, alleged data dumps of accounts from Unreal Engine and Epic Games are being traded on the dark web and in underground communities. These data dumps consist of 530,590 leaked user accounts from the Unreal Engine forum and 277,944 leaked user accounts from the Epic Games forum.
When contacting Epic Games regarding this breach, I was forwarded to an announcement that they have posted on their site regarding the compromise. According to Epic Games, their vBulletin forums were compromised, but no passwords were able to be accessed as they were stored on another server. They further go on to state that they "don’t believe that other Epic related forums were affected, including Paragon, Fortnite, Shadow Complex, and SpyJinx."
In a small sample provided by LeakedSource, it does not appear that there were any passwords stored in either of the data dumps. This has been further confirmed by LeakedSource.
Using the provided sample, I can confirm that the dumps being traded online are legitimate, as they contain profile titles and display names that correspond to legitimate users on the Unreal Engine or Epic Games forums. With this said, I still strongly suggest that anyone who has an account on either forum change their password if they use the same password elsewhere.
Epic Games have since taken both forums offline for maintenance, where I am guessing that they are upgrading the vBulletin forums in order to fix any security vulnerabilities.
We have placed our forums in maintenance mode while we investigate the recent compromise. — Epic Games (@EpicGames) August 23, 2016
At this time, Epic Games has not confirmed how the hackers were able to gain access to the company's vBulletin installation. According to Google cache, they were using vBulletin 4.2.2, which has known security vulnerabilities including SQL injection.