Over seven million user accounts belonging to gamers and members of a Minecraft community called “Lifeboat” have been hacked, according to an independent security researcher.
In a report by Motherboard, security researcher Troy Hunt has claimed that the login credentials and account details belonging to over seven million Minecraft Pocket Edition gamers, the mobile version of the popular game, had been hacked back in January.
The data hack includes email address and weakly hashed passwords, which means hackers are more than likely to obtain the complete passwords from some of the data.
Without revealing his source’s identity, Hunt stated:
The data was provided to me by someone actively involved in trading [possibly in underground forums] who has sent me other data in the past.
When Lifeboat was contacted by the publication, it had stated that it was aware of the breach for some time. This means that the gaming network clearly chose not to publicize the breach.
When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act.
Claiming that the password reset process occurred over few weeks, the representative for Lifeboat added, “We retain no personal information about our players, so none was leaked.
The company insists that it hadn’t received any reports from any players that damage had been done as a result of the breach but did not respond to queries form Motherboard as to why they did not inform users of the breach.
Related read: Gaming Plug-In Leaves Millions of PCs Vulnerable
While the passwords were hashed, they were done so with the notoriously weak MD5 algorithm, which means that plenty of the passwords can easily be figured out with online tools.
Troy Hunt stated how easy it was for him to verify users’ passwords.
I was able to easily verify people’s passwords with them simply by Googling them, such is the joy of unsalted MD5.
Lifeboat’s take on cybersecurity is revealed on its how-to guide on its website.
It reads: “By the way, we recommend short, but difficult to guess passwords. This is not online banking.
Image credit: Flickr.