Over the weekend, security hacker group OurMine gained access to the Unity 3D database. It doesn’t appear to have caused much more trouble than changing a greeting image on the forum and locking users out, but if you’re a Unity developer, you’d be smart to change your passwords.
Unity 3D has released the following statement:
On April 30, our public forum website was attacked and successfully compromised due to poorly implemented password routines; our investigations show no theft of passwords in this attack, nor impact to any other Unity service.
The company also announced it will be bringing in two-factor authentication, device authentication, and enabling a per organisation password policy for resets, rotations, and strength, all in the next few weeks.
The above image was part of what greeted users a while ago on the Unity 3D forums. If you headed there afterwards, you’d see the following.
At the time, this is the only official response:
Thanks to everyone that have reached out about our forums being compromised – we are on it!— Unity (@unity3d) April 30, 2017
A Unity staffer had popped up on Reddit to say the following:
Hi everyone, Unity employee here! I just wanted to chime in to let you know that our team is working vigilantly to get to the bottom of the incident, we will update you all as soon as we can.
You may want to keep an eye on those official sources for updates. It even has a few people over at the Unreal forums worried they might be next. Change your passwords!