Hackers Steal Millions Of Minecraft Passwords


Hackers are able to steal millions of Minecraft passwords



29 April 2016



Hackers have accessed login data for more seven million Minecraft users on the site Lifeboat.



Lifeboat lets players run servers with custom multiplayer maps for the smartphone edition of Minecraft.



Evidence suggests that stolen data including email addresses and passwords is being provided by websites that trade in hacked files.



Analyses show that passwords were not secure enough to allow attackers to easily access them.



Minimise damage



The information about the breach was shared with an independent security expert Troy Hunt who said he received the list from a person who deals in stolen credentials. He was told by several individuals that the data was being circulated through dark web sites.



Hunt claimed that the data was stolen in 2016 but that the breach is only recently being discovered.
servers



Passwords for Lifeboat accounts were hacked according to the report, but the algorithm used provided little protection.



Hashing is a technique that is used to encrypt passwords so that they are not easily read in the event that the password is lost.



He said that a Google search for a password that has been hashed would often return the correct plain text value. Popular cracking tools can automate and speed up the process, he added.



He said that "a large portion of those passwords would need to be reverted into plain text within a brief time" in an article on his blog about the breach.



This can lead to other security problems the expert said, as many people re-use passwords so the discovery of one password can lead attackers to compromise accounts on other sites.



In a letter to Motherboard, Lifeboat said it took action to limit the damage.



"When this happened [in] January, we determined that the best thing for our player was to force them to reset password without notifying hackers that they had limited action time," it said to the news site, noting that it has now adopted stronger hashing algorithms.



It said that it had not received any reports of anyone being affected from this.



Mr Hunt was unhappy with the company for "quietly" forcing the password reset saying this policy left him "speechless".



Instead the site, he said, Lifeboat should have done much more to alert users so that they could swiftly change passwords if they used the same one on other websites.



"The first thing to be on the mind of every company after an incident such as this is'How can we minimise the damage to our users?'" He added.



Minecraft makes virtual reality a reality



28 April 2016



Beautiful People data sold online



26 April 2016



An estate agent is looking for Minecraft builders



30 March 2016



Minecraft to aid AI



14 March 2016

Created: 03/09/2022 09:17:51
Page views: 130
CREATE NEW PAGE