Unity forums hacked
Engine maker blames poorly implemented password routines, says it will roll out two-factor authentication in coming weeks
Unity today confirmed its forums were targeted by hackers over the weekend.
"On April 30, our public forum website was attacked and successfully compromised due to poorly implemented password routines; our investigations show no theft of passwords in this attack, nor impact to any other Unity service," Unity director of security Andreas Haugsnes said in a post about the incident. "However, the attack did result in defacement of the site (which has since been fixed) and subsequent messaging to all of our registered forum users."
Haugsnes went on to detail new security features and policies the company will roll out in the coming weeks, including two-factor authentication for its services (including the forums), alerts to notify users when new devices log in with their account, and new requirements regarding passwords.
"We're sorry," Haugsnes said. "We know you put your trust in us. We will learn from our mistakes."
As for how the hack came to light, Unity users (including Hidden Folks developer Adriaan de Jongh) reported receiving emails from Unity's account in which a group called OurMine said it hacked the site and had access to a database of 2 million users. The email also recommended users change their passwords.