Hackers have reportedly targeted Lifeboat and stolen login credentials of about seven million users, the Minecraft’s site that gives players with the option of running servers on the smartphone version.
Minecraft Hacked, 7 Million Passwords Stolen
The data stolen from Lifeboat is reportedly put on sale on the dark web. Lifeboat confirmed that it was aware of the data breach, but it preferred not to disclose it to the users.
Moreover, the data breach also consisted of information about email and passwords of gamers. To recall, Minecraft was hacked in 2015, however news about the breach has appeared now, according to BBC, the security researcher, Toy Hunt who has a list of Lifeboat member’s stolen credentials.
“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked. We have not received any reports of anyone being damaged by this” spokesperson for Lifeboat said.
Lifeboat passwords were comprehended to have been weakly hashed using an MD5 algorithm. It also permitted any person to find and verify user’s passwords by simply Googling it, according to Hunt. Later, Lifeboat ordered users to reset their passwords after they revealed the breach. However, they prefered not to alert the users of this hack, in a bid to keep the hackers in the dark. They may have thought that alerting the general public would continuously alert the hackers directing them to act in hurry and steal all the data.
Lifeboat claimed that the data breach resulted in minimal damage since they are yet to get reports from anyone affected by the hack.