Hackers take millions of Minecraft passwords
29 April 2016
Hackers have gained access to login data for more seven million Minecraft users on the site Lifeboat.
Lifeboat lets members run servers that can be customized, multiplayer maps for the smartphone edition of Minecraft.
There is evidence that the stolen information, including passwords and email addresses is available on websites that trade in hacked data.
Analysis shows that passwords were not adequately secured to allow attackers to easily find them.
Minimise damage
Troy Hunt, an independent security expert, received information regarding the breach. He claimed that he obtained the list from a person who deals with stolen credentials. A number of people had informed him that the information was being circulated on dark net sites.
Mr Hunt said that the data was stolen in early 2016 but the breach has only now been discovered.
He stated that passwords for Lifeboat accounts had been hacked but that the algorithm used offered very little security.
Hashing is a method that encrypts passwords in order to make it difficult to read in the event the data is lost.
He said that a Google search for a hashed passcode will often return the correct plain text value. Popular cracking tools can automate and speed up this process, he said.
He also stated that "a large portion of these passwords will have been converted to plain text within a brief time" in a blog post on the breach.
He also said that this could cause other security issues because many people reuse passwords, so attackers could find out which passwords are being used to compromise accounts on other websites.
In a statement given to Motherboard, Lifeboat said it took steps to minimize the damage.
"When this happened [in] January, we decided the best solution for our player was to force them to reset password, without notifying hackers that they had limited action time," it said to the news site, noting that it now uses more robust hashing algorithms.
Posterkingdom.com
It stated that it did not have any reports of anyone being injured from this.
Mr. Hunt was critical about the company's policy of "quietly" forcing the password reset. He claimed that the policy left him "speechless".
He stated that Lifeboat could have been more proactive in advising users so they could quickly modify passwords if they were used on other sites.
"The first thing that should be on any company's mind after an incident such as this is: 'How can we minimize the damage to our users?" He added.
Minecraft takes a leap into virtual reality
28 April 2016
Beautiful People data sold online
26 April 2016
An estate agent is looking for Minecraft builders
30 March 2016
Minecraft to provide AI a helping hand
14 March 2016
