Over the weekend, security hacker group OurMine gained access to the Unity 3D database. It doesn’t appear to have caused much more trouble than changing a greeting image on the forum and locking users out, but if you’re a Unity developer, you’d be smart to change your passwords.
UPDATE:
Unity 3D has released the following statement:
On April 30, our public forum website was attacked and successfully compromised due to poorly implemented password routines; our investigations show no theft of passwords in this attack, nor impact to any other Unity service.
The company also announced it will be bringing in two-factor authentication, device authentication, and enabling a per organisation password policy for resets, rotations, and strength, all in the next few weeks.
The above image was part of what greeted users a while ago on the Unity 3D forums. If you headed there afterwards, you’d see the following.
At the time, this was the only official response:
Thanks to everyone that has reached out about our forums being compromised – we are on it!
— Unity (@unity3d) April 30, 2017
A Unity staffer had popped up on Reddit to say the following:
Hi everyone, Unity employee here! I just wanted to chime in to let you know that our team is working vigilantly to get to the bottom of the incident, we will update you all as soon as we can.
You may want to keep an eye on those official sources for updates. It even has a few people over at the Unreal forums worried they might be next. Change your passwords!
Comments
7 responses to “The Unity 3D Forums Have Been Hacked [Updated]”
Updated my password, thanks for the heads up!
Keep us updated! Keen to know what was compromised since I'm a frequent Unity user.
Damn, thought it was unusual for the forums to be down.
Oh no, not my sercurity!
It’s impossible to say what might have been compromised until Unity declares it, but they use XenForo forum software, which has had a few serious vulnerabilities in the last 12 months, including SQL injection vectors, so it’s possible the whole forum database was grabbed. Hopefully they keep their customer data in a separate database.
That depends on OurMine. Are they a whitehat hacker group? Or a group that's less nice...
I wouldn’t trust anyone with that kind of data, even if they claim they’re white hat. A breach is a breach.
The idiots can’t even spell simple words