April 27, 2016 by

7 Million Minecraft Gamer Accounts Hacked

Over seven million user accounts belonging to gamers and members of a Minecraft community called “Lifeboat” have been hacked, according to an independent security researcher.

In a report by Motherboard, security researcher Troy Hunt has claimed that the login credentials and account details belonging to over seven million Minecraft Pocket Edition gamers, the mobile version of the popular game, had been hacked back in January.

The data hack includes email address and weakly hashed passwords, which means hackers are more than likely to obtain the complete passwords from some of the data.

Without revealing his source’s identity, Hunt stated:

The data was provided to me by someone actively involved in trading [possibly in underground forums] who has sent me other data in the past.

When Lifeboat was contacted by the publication, it had stated that it was aware of the breach for some time. This means that the gaming network clearly chose not to publicize the breach.

When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act.

Claiming that the password reset process occurred over few weeks, the representative for Lifeboat added, “We retain no personal information about our players, so none was leaked.

The company insists that it hadn’t received any reports from any players that damage had been done as a result of the breach but did not respond to queries form Motherboard as to why they did not inform users of the breach.

Related read: Gaming Plug-In Leaves Millions of PCs Vulnerable

While the passwords were hashed, they were done so with the notoriously weak MD5 algorithm, which means that plenty of the passwords can easily be figured out with online tools.

Troy Hunt stated how easy it was for him to verify users’ passwords.

I was able to easily verify people’s passwords with them simply by Googling them, such is the joy of unsalted MD5.

Lifeboat’s take on cybersecurity is revealed on its how-to guide on its website.

It reads: “By the way, we recommend short, but difficult to guess passwords. This is not online banking.

 Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Hackers Steal $400,000 of Cryptocurrency in DNS Hijack

Unknown hackers have hijacked the DNS server for web-based wallet application BlackWallet, an online...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Fake Software Updates Can Lead To Stolen Keychains On Apple Products

  Recently there has been a small uptick in the occurrences in fake software updates, in...

Read more arrow_forward