About this week's data loss

[Hyrage]

All those virtual crimes are starting to get on my nerves. It's such a huge lack of respect regarding gamers and game developers, that's pathetic.

[Sly.]

True word! I still don't get their motives!

[mmartina]

I hate Hackers they need to get a life

[Onyx Guarrd]

Was wondering what went on.
This hacking stuff is getting ridiculous.

[|Grayfox|]

I wonder if they do try to hack Xbox Live will they really hack it.

I am sure Microsoft would have beefed up the protection after the PSN issue.

Plus thier is not proof that the codemasters and this are done by the PSN hackers.

[Reginald]

Was too late to change had to use different account. Bugger!

[onethought]

I'm guessing all the database errors in the last few weeks (which I kept seeing when I tried to checkup on the forums) was this guy mapping out / testing the site.

It's pretty sad that talented people who can hack put their effort into doing this. I always wonder what they could do if they actually tried to do something useful.

[Endgame]

Sorry to hear about all of this. IDK why hackers like to put people in misery. They're so rude.

[N3M3SIS]

U guys think that the hackers were the same as the ones that hacked sony and tried to hack nintendo ?

I DONT FEEL SAFE ANYMORE xD, The world will end if they manage to hack paypal

[TBR Niko Jims]

Hey, someone is posting videos of Gears of War 3 on YouTube. One of them shows the very beginning of campaign and the other the characters and camo's. Don't know if you guys at Epic saw the vids yet or not. Hopefully he doesn't upload the whole campaign like what happened to Halo Reach.

[PunCrathod]

I was wondering how they hacked my email(stupid me reusing about 5 different passwords randomly in different sites). Luckily I have high security features and just knowing my password isn't going to let you chance anything(for that you need other passwords)... only lets you read and send emails...
Noticed the hack when one of my friends said I sent him spam mail... took about 30 seconds to chance the password. Then spent next 12 hours trying to find out how they hacked it but couldn't until today when the password reset email came in.

[snake12]

What a shame! This was such a nice feature and I already got used to it

EDIT: Is that you coolcat???

yes i got this new name

[UTPlayer529th]

They should do something more productive than hacking into this website, like updating Unreal Tournament III

lol

could it have to do with Anonymous ?

[asmodeus]

Were they doing something stupid like using CentOS* as a host?

* CentOS just went 3 three months without a security update.

[Linkinworm]

god these hackers going through all the games communities are pissing me off now, i have to change my password on everything im signed upto that i care about thinking of new stupid passwords that are random as hell. i hope everyone who has been hacked can put their efforts together to get the sons of *****es

[Anubis 'Shadowgod']

Oh man, stupidity never takes a end and idiots will never die out, this crap is just another example, how stupid people can be!

Got a message yesterday already, but this message was in my SPAM folder and I never open SPAM mails, so I deleted it and later I finally got a message in my real mail folder and there I was enlightened. My old password was replaced with a code, so I replaced this code with something I can keep better in mind.

The good thing is that everything seems to work again, which I'm very happy about!

[Trailboss3]

Password changed, thanks your Flakness

@Sioux: done any voice work lately? I always thought the stuff you did for the UT games was really cool

[Crusha K. Rool]

I also get kicked out of my account (cookie expired?) and couldn't login with my password anymore or request a password reset with my email address.
But luckily I could contact the admin via mail and have been long enough around here to have enough personal connection to some of the Epic crew to authenticate myself, so Flak immediately helped me to get back into my account.

[BOZZO]

That's pretty good, mean like...evolution... , instead just ban an account.
Remembering my first CD-KEY banned about 5 years ago, and without providing reason in anyway, and as I remember were many others... .
So, if I am not wrong, that's also pretty lame to lame... .
Regards.

[Sly.]

yes i got this new name

Oh, I feel sorry for you.
Maybe you could contact Flak and prove that it's you by talking about something that just you two could know (a conversation, maybe you have some saved PMs somewhere on your PC that were not in your account that you could quote in the PM?). If the proof is believable you could tell her your actual e-mail address and ask her to reset the password. At least you would have a chance to get your old account back

[Crusha K. Rool]

Wait? Which Snake is that? Is it the Solid Snake? Because he should not have any problem to prove his identity since he does all the stuff for the UDN.

[Sly.]

No, apparently it's coolcat from the UT3 forum section

[Undead Paradox]

I hate hackers.
I'm happy though that everything's under control and back to normal.

[Sly.]

Hackers in itself are not bad - they're only bad when they do something bad.

In this case those hackers/this hacker was really an §"%=)("§$€#.

But in other cases they also help to make websites and programs secure.

[Sly.]

Contact Flak per PM and ask her to remove you.

[andreg]

Yea the Sony hack seems to have become a public calling to hack anything remotely game-related; oh well, free security penetration testing.

There are many hidden costs of breaches. Attackers maintain access to internal networks and systems for 5 years on average, according to stats from Verizon Business, Trustwave, and the Anti-Phishing Working Group -- and many other attackers will follow them in, looking for more trouble to cause.

Most organizations affected by breaches like this one require application security consultants that use SAST and DAST e.g. HP Fortify WebInspect On-Demand, Veracode, and IBM Rational Appscan On Demand. Many competitors (e.g. Sony, EA) use appsec consulting companies such as Cigital, Aspect Security, and nVisium Security.

I suggest assessing your MySQL infrastructure using a fast tool such as nmap, configured with additional NSE script checks such as found on this blog — http://www.cqure.net/wp/2011/06/usin...ysql-database/ -- and hardening MySQL with little-known security features, such as these suggestions from the Core Security Patterns blog — http://www.coresecuritypatterns.com/blogs/?p=970

You can assess your external web applications with an open-source tool such as Wapiti, Andiparos, or the OWASP Zed Attack Proxy (ZAP). Your PHP source code can be assessed using the open-source PHP RIPS scanner (probably one of the easiest ways to locate troublesome file inclusion, XSS, or SQL injection vulnerabilities).

While web application firewalls will not prevent contextual output encoding problems such as found in SQL injection and Cross-Site Scripting — they can whitelist input and also monitor for these sorts of issues in order to detect when an attack is in progress (which may or may not be useful during a breach, but it may allow you to be more proactive). The free, open-source ModSecurity web application firewall is excellent to put into monitoring mode — and should be placed in your network as a reverse proxy if at all possible (the embedded version only works with the Apache web server). You can get alerts from ModSecurity to OSSEC, and in turn from OSSEC to your SIEM (OSSIM is a good open-source SIEM if you don’t already have one) — http://holisticinfosec.blogspot.com/...urity-and.html — and not only that, but you can also leverage OSSEC with MySQL as well — http://blog.rootshell.be/2011/01/07/...ty-with-ossec/

The LAMP stack doesn’t necessarily make you more vulnerable to these attacks, but an outdated LAMP stack could definitely increase your attack surface and the capabilities of data exfiltration. My primary suggestion would be to replace Apache with Nginx so that you can run the Roboo anti-DDoS and anti-webapp-hacking tool. I also highly suggest the Django-Security framework (mentioned here along with many other secure framework components — http://software-security.sans.org/bl...ure-frameworks ) if the goal is to replace or augment existing LAMP stack technologies.

Best of luck during these hard times.

[Unreal4Eva]

I just changed my password too

[Linkinworm]

everyone is hard over the internet but i bet if anyone met the hackers in real life they could beat them up cos there just some weedy geeks with no life

[Crimson TideAOC]

I would like to add that this has recently just happened to the sega forums, so possible it is people trying to find people with the same passwords for multiple sites.

I suggest that people change passwords on sites with the same as here.

if anyone is still reading this...

[Sly.]

Using the same password for several forum accounts when you have the same username there isn't such a wise decision though. As you can see, everything can happen.

[WanderlustX2]

Just curious if anyone else has started getting any spam? This was the only thing I'm aware of that recently occurred and the past 2 or 3 days I've started getting a load of spam, luckily most of it is getting filtered. I don't sign up for anything with this email other than trusted sources, which seems to be loose these days. Obviously it could be someone that hates me and has it but just curious if anyone else has seen anything.

[Sly.]

Not that I'm aware of.

[-=Reclaimer=-]

I know I am probably late to this party, however thanks Epic for at least announcing the breach. These things do happen, I am just glad I use proxy emails and random non reusable passwords for my social sites, as it makes potential PII loss a low risk for me.

[-=Reclaimer=-]

Just curious if anyone else has started getting any spam? This was the only thing I'm aware of that recently occurred and the past 2 or 3 days I've started getting a load of spam, luckily most of it is getting filtered. I don't sign up for anything with this email other than trusted sources, which seems to be loose these days. Obviously it could be someone that hates me and has it but just curious if anyone else has seen anything.

The email I used prior to the breach has not been spammed. You can incorporate what I do if you are worried. I compartmentalize my online activities. Meaning I have certain emails for certain things. I have a personal email I use for work and to connect with friends, I have a heavily password/two-factor email I use for sensitive things such as online commerce, I have an email for trusted online sites (Epic forums) and one for non trusted sites, basically a trash email used for sites I will only visit once or what have you.

It may seem like a lot of work, however filters are so good these days, I can get important emails from all of them automatically forwarded to my main email. And in the event one gets compromised as was the case with the epic email, it is easy to cut losses and get back up and running.

Also only use a password once.