Hackers are reported to have stolen login details of over
seven million members of Lifeboat, the Minecraft site that provides
players with the option of running servers for playing customised and
varied versions of the game on the smartphone edition. The data is now
believed to be on sale on the dark web. Lifeboat confirmed that it was
aware of the data breach but chose not to inform those affected.
The data breach included information about gamers' email and passwords.
hacked in early 2015 but information about the breach has emerged only
now, thanks to security researcher Troy Hunt, who has a list of Lifeboat
members' stolen credentials,
as reported by the BBC.
A spokesperson for Lifeboat said: "When this happened [in]
early January we figured the best thing for our players was to quietly
force a password reset without letting the hackers know they had limited
time to act. We did this over a period of some weeks. We retain no
personal information (name, address, age) about our players, so none was
leaked. We have not received any reports of anyone being damaged by
this."
Lifeboat passwords were understood to have been weakly hashed using
an MD5 algorithm. According to Hunt, this essentially allowed anyone to
discover and verify people's passwords simply by Googling it. Lifeboat
requested gamers to reset their passwords after they uncovered the
breach. However, they choose not to alert the users about the hack, in
efforts to keep the hackers in the dark. They may have feared that
alerting the public would also simultaneously alert the hackers pushing
them to act in haste and steal all the data.
Lifeboat maintains that the data breach caused minimal damage since
they are yet to receive reports from anyone affected by the hack.
Comments
Post a Comment