Unreal Engine

The hackers infiltrated the systems of Unreal Engine by SQL injection vulnerability which allowed the hacker to get access to the full database.

A hacker has stolen thousands of forum accounts associated with Unreal Engine and its maker, Epic Games.

The hacker acquired usernames, scrambled passwords, email addresses, IP addresses, birthdates, join dates, their full history of posts and comments including private messages, and other user activity data from both sets of forums.

They immediately investigated the incident and took preventive steps.

Source: https://www.zdnet.com/article/southwest-airlines-has-cancelled-20000-flights-now-for-the-really-bad-news/

TPRM report: https://scoringcyber.rankiteo.com/company/unreal-engine-for-design-visualization

"id": "unr211631522",
"linkid": "unreal-engine-for-design-visualization",
"type": "Breach",
"date": "08/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Thousands',
                        'industry': 'Gaming',
                        'name': 'Epic Games',
                        'type': 'Company'}],
 'attack_vector': 'SQL Injection',
 'data_breach': {'data_encryption': 'Scrambled Passwords',
                 'data_exfiltration': True,
                 'number_of_records_exposed': 'Thousands',
                 'personally_identifiable_information': ['usernames',
                                                         'email addresses',
                                                         'IP addresses',
                                                         'birthdates',
                                                         'join dates'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['usernames',
                                              'scrambled passwords',
                                              'email addresses',
                                              'IP addresses',
                                              'birthdates',
                                              'join dates',
                                              'post history',
                                              'comments',
                                              'private messages',
                                              'other user activity data']},
 'description': 'Hackers infiltrated the systems of Unreal Engine by '
                'exploiting an SQL injection vulnerability, gaining access to '
                'the full database and stealing thousands of forum accounts '
                'associated with Unreal Engine and its maker, Epic Games.',
 'impact': {'data_compromised': ['usernames',
                                 'scrambled passwords',
                                 'email addresses',
                                 'IP addresses',
                                 'birthdates',
                                 'join dates',
                                 'post history',
                                 'comments',
                                 'private messages',
                                 'other user activity data'],
            'systems_affected': 'Forum Systems'},
 'initial_access_broker': {'entry_point': 'SQL Injection Vulnerability'},
 'investigation_status': 'Investigated and Preventive Steps Taken',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'SQL Injection Vulnerability'},
 'threat_actor': 'Hacker',
 'title': 'Unreal Engine Forum Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'SQL Injection Vulnerability'}