Minecraft users have to change their passwords ASAP because Lifeboat company didn’t disclose about the data breach that took place in early 2015.
Lifeboat, a platform that provides gamers with an option to run servers for playing customised and multiplayer version of Minecraft has been hacked and login details of seven million users have been stolen. The data is now available for sale on Dark Web and Lifeboat has confirmed the breach.
The stolen data includes personal information of gamers including their login emails and passwords. An important fact about the breach is that it took place in 2015 but the company decided to hide it from the users, however, the security researcher Troy Hunt got hold of the list of affected users along with the data, reports the BBC.
LifeBoat didn’t inform users until a security researcher found out the data
”When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. If they alerted people about passwords being reset they would’ve basically been telling the hackers to hurry up and ALL data would’ve been stolen,” according to a statement released by LifeBoat.
Hunt is the same researcher who earlier found data of 1.1 Million users from Beautiful People dating site and 4.8 million kids data from Toy Manufacture VTech. Hunt believes that the Lifeboat servers had poor security and passwords were weakly hashed using an MD5 algorithm which allowed hackers to simply decrypt the passwords by Googling them. Lifeboat at the other hand asked users to reset their passwords without informing them about the breach and that their personal data has been stolen but gamers on the social media aren’t happy with the company’s decision. Here are some of the tweets where gamers are showing their anger over the breach and poor security from LifeBoat.
Alert Gamers: RAT Activity Identified in Steam Stealer Malware Scam Fallout 4 Pirated Copy Leads To Bitcoin Theft⚠ If you used your Lifeboat account password for any other services, please change them now ⚠ pic.twitter.com/H4302cOWwl
— Lifeboat Network ⛵ (@LifeboatNetwork) April 27, 2016
@lifeboatmc and you knew aboyt this for SEVEN months? Good thing I don’t use my password for anything
— HopefulZebra (@Panda_MC3) April 27, 2016
@lifeboatmc @SurvivalHiveDE No, that wasn’t the real problem. The real problem is you guys not caring enough to tell your users about it.
— hcherndon @ Hypixel (@hcherndon) April 27, 2016
@lifeboatmc Sad that a community that apparently cares about it’s players soooo much is just releasing this now ALMOST 4 MONTHS LATER!!! Smh
— Cajun (@Cajun_MCPE) April 27, 2016
@lifeboatmc I WAS HACKED!!!!!AND 7,000,000 MORE!! pic.twitter.com/eHXOzo6Ji2
— KingEpicTheGamer (@KingEpicYT) April 27, 2016