Hacked: Hacking Finance

7 Million Minecraft Players Weren’t Told of a Server Hack

Introduction

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


LATEST POSTS

ChronoPay Looks to Kickstart Bitcoin Adoption in Russia 29th May, 2017

Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

Breaches

7 Million Minecraft Players Weren’t Told of a Server Hack

Posted on .
This article was posted on Wednesday, 15:38, UTC.

Over seven million user accounts from “Lifeboat”, a Minecraft community have been hacked due to the breach the community’s private server, back in January. The gamers, however, weren’t notified of the breach.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

An independent security researcher has revealed that the breach exposed over 7 million users’ email details and that, amazingly, the private network did not inform the users of the breach.

The breach came to light when security researcher Troy Hunt told Motherboard that the data was communicated to him by an anonymous source who is actively involved in trading confidential data that often leads to identity theft.

The breached data includes email address and notably, lowly-hashed passwords which could mean that malicious hackers could plausibly obtain the complete passwords of users from the data.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

As a company, Lifeboat runs private servers offering custom, multiplayer environments of the Minecraft Pocket Edition. To join the community, a user will have to register with a username and password.

In an email statement to Motherboard, a representative for Lifeboard flatly admitted to having known about the breach and came up with what they saw as a solution to the predicament.

When this happened [in] early January, we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act.

It could be argued that Lifeboat made the decision to hold back from publicly revealing the hack for the benefit of the users whilst subtly forcing all users to reset their passwords. However, the password reset endeavor was done “over a period of some weeks,” the representative added while insisting that no personal information was leaked since they aren’t retained by the servers.

Furthermore, the passwords contained in the breach were hashed with the weak MD5 algorithm, which can easily be broken by using simple, freely available password hacking tools that are found online.

Indeed, security researcher Hunt who revealed news of the breach stated:

I was able to easily verify people’s passwords with them simply by Googling them, such is the joy of unsalted MD5.

Hunt runs the popular breach notification website and resource “Have I been Pwned?”, a website that allows users to check if their account has been compromised by any breaches in the past.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Receive New Posts on Email:



Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Navigation
A hacker group claiming to be the Armada Collective hacker…