April 27, 2016 by

7 Million Minecraft Gamer Accounts Hacked

Over seven million user accounts belonging to gamers and members of a Minecraft community called “Lifeboat” have been hacked, according to an independent security researcher.

In a report by Motherboard, security researcher Troy Hunt has claimed that the login credentials and account details belonging to over seven million Minecraft Pocket Edition gamers, the mobile version of the popular game, had been hacked back in January.

The data hack includes email address and weakly hashed passwords, which means hackers are more than likely to obtain the complete passwords from some of the data.

Without revealing his source’s identity, Hunt stated:

The data was provided to me by someone actively involved in trading [possibly in underground forums] who has sent me other data in the past.

When Lifeboat was contacted by the publication, it had stated that it was aware of the breach for some time. This means that the gaming network clearly chose not to publicize the breach.

When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act.

Claiming that the password reset process occurred over few weeks, the representative for Lifeboat added, “We retain no personal information about our players, so none was leaked.

The company insists that it hadn’t received any reports from any players that damage had been done as a result of the breach but did not respond to queries form Motherboard as to why they did not inform users of the breach.

Related read: Gaming Plug-In Leaves Millions of PCs Vulnerable

While the passwords were hashed, they were done so with the notoriously weak MD5 algorithm, which means that plenty of the passwords can easily be figured out with online tools.

Troy Hunt stated how easy it was for him to verify users’ passwords.

I was able to easily verify people’s passwords with them simply by Googling them, such is the joy of unsalted MD5.

Lifeboat’s take on cybersecurity is revealed on its how-to guide on its website.

It reads: “By the way, we recommend short, but difficult to guess passwords. This is not online banking.

 Image credit: Flickr.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Fake Software Updates Can Lead To Stolen Keychains On Apple Products

  Recently there has been a small uptick in the occurrences in fake software updates, in...

Read more arrow_forward

Hackers Can Breach a Facebook Account with a Phone Number

Security researchers have proven that a Facebook account can be compromised with an unauthorized...

Read more arrow_forward