Hackers Smuggle Millions Of Minecraft Passwords
Hackers are able to steal millions of Minecraft passwords
29 April 2016
Hackers have accessed login data for more seven million Minecraft users on the site Lifeboat.
Lifeboat lets users run servers for customised, multiplayer maps for the mobile version of Minecraft.
There is evidence that the stolen information, including passwords and email addresses is available on websites that sell stolen data.
Analysis suggests passwords were very vulnerable to attack, and attackers could easily crack them.
Minimise damage
Troy Hunt, an independent security expert, was able to obtain information about the breach. He claimed that he obtained the list from someone who deals with stolen credentials. Several people had told him the data was available on dark net websites.
Mr Hunt said the data was stolen at the beginning of 2016, but the breach has only recently been made public.
He claimed that passwords for Lifeboat accounts had been washed but that the algorithm used offered very little security.
Hashing is a technique that is used to scramble passwords so they cannot be read easily when the data is lost.
He added that a Google search for a hashed passcode would typically give the correct plain text value. He suggested that well-known cracking tools could automate the process and accelerate it.
"A large proportion of those passwords will be reverted to plain text within a short period of time," he said in a blog post about the breach.
He added that this could result in other security issues due to the fact that many people use the same passwords for multiple sites and attackers can figure out which one is being used to hack accounts on other websites.
Motherboard was supplied with a written statement from Lifeboat saying that it had taken steps to mitigate the damage.
"When this happened early January, we decided that the best thing for our players was to request a password reset without letting the hackers know they had time to take action," it told the news site adding that it was now using stronger hashing algorithms.
It said that it had not received any reports that anyone was hurt by this.
Mr. Hunt was critical of the company for "quietly" forcing the password re-set saying this policy made him "speechless".
He stated that Lifeboat should have done more to notify users so that they could swiftly modify passwords if they were used on other sites.
"The first thing a company should be thinking about following an incident like this, is "How can we reduce the damage to our customers?" he said.
Minecraft transforms virtual reality into a reality
28 April 2016
Beautiful People data available online
26 April 2016
An estate agent is hiring Minecraft builders
30 March 2016
Minecraft to aid AI
14 March 2016