Lifeboat has something to worry about — Perhaps it should inform users how the stolen 7 Million accounts from January 2016 breach have surfaced online now?
Lifeboat, a platform that provides gamers with an option to run servers for playing customised and multiplayer version of Minecraft suffered a data breach in January 2016 in which login details of seven million users were stolen. Now, someone has leaked the stolen data or Dark Web and other underground hacking forums and researchers at data breach notification company Hacked-DB have grabbed it.
The breach was actually discovered by Troy Hunt of haveibeenpwned but at that time the data was only available at his platform while LifoBoat, on the other hand, didn’t bother to inform its users until the news about this breach went public in April 2016. However, just when Lifeboat thought the nightmare is over; the data has gone public creating yet another issue for the company.
According to a statement back in April LifeBoat said that,
“When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. If they alerted people about passwords being reset they would’ve basically been telling the hackers to hurry up and ALL data would’ve been stolen.”
Analysis:
The data was scanned and analysis by researchers at Hacked-DB.com and here’s the result:
The total number of compromised unique accounts is 7,235,619. The data structure includes username, email address and password with the MD5 hash algorithm.
The MD5 encryption algorithm that is used at the database to encrypt the passwords is ineffective at all since it can be decrypted very easily. Think of MD5 as an algorithm which is equivalent to clear-text. This kind of information can lead to various attacks and impersonation to gain more information and data.
Hacked-DB also mentioned that the data was stolen somewhere in January 2016 and only now it surfaced on the web.
Here is a screenshot from LifeBoat data for readers:
2016 has been a very bad year for tech, gaming and social media giants. Earlier this year, hackers stole and sold 427 Million MySpace passwords on the same dark web marketplace; in May 2016, 117 million LinkedIn and 33 million Twitter login credentials were listed on a dark web marketplace for sale.
Meanwhile in the gaming world, forums like Dota 2, Grand Theft Auto, Epic Games, and Clash of kings also suffered massive data breaches due to a flaw in vBulletin’s outdated version.
Suggest ideas, report typos and corrections to [email protected]