2 min read

7 million Minecraft Pocket Edition players put at risk after Lifeboat hack

Graham CLULEY

April 27, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
7 million Minecraft Pocket Edition players put at risk after Lifeboat hack

Over seven million members of the independent Minecraft “Lifeboat” community have had their security and privacy put at risk after hackers breached servers and stole usernames, email addresses and MD5-hashed passwords.

It’s important to note that only players of the smartphone edition of Minecraft were affected, and even then only if they were members of the independent “Lifeboat” community, which runs a variety of servers offering free-to-play multi-player games on the Minecraft platform.

All the same, Lifeboat has over seven million users. And unsalted MD5 hashes are a notoriously weak way to secure passwords, making it trivial for criminals to crack.

To make matters worse, as Lifeboat tells Motherboard, the security breach happened in January – and the company did not inform its users that an incident had occurred and that gamers would be wise to ensure they were not using the same passwords anywhere else on the web:

“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked.”

In short, for the last four months passwords belonging to members of the Lifeboat community have been in the hands of online criminals, who could have used them to break into innocent people’s other online accounts. Lifeboat knew about this, but didn’t tell its users.

Could a worse picture be painted of how well Lifeboat was caring for its users?

Well, yes. Perhaps it could.

Check out this section of Lifeboat’s “Getting Started” guide:

“You will then be prompted for a password and an email. Use a real email” You will need to use it if if you ever forget your password, so be sure it is valid. By the way, we recommend short, but difficult to guess passwords. This is not online banking.”

lifeboat-password

Yup, they recommended short passwords… Quite what they perceive the benefit to be of short passwords for anyone other than criminals trying to crack them I cannot imagine.

And yes, Lifeboat isn’t an online bank.

But if you use the same password on Lifeboat as your eBay, Amazon, GMail or any other online account – then you can easily see why such sloppy security practices by even a gaming site could be disastrous. Especially if you don’t bother to tell your users that there’s an issue…

Getting hacked is bad enough. Not telling your users is unforgivable.

Thank heavens security researcher Troy Hunt, who runs the HaveIBeenPwned breach notification service, was contacted by someone who had access to the data, and users are now being informed of the risk.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet
Silviu STAHIE

February 08, 2023

2 min read
Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns
Silviu STAHIE

February 06, 2023

1 min read
U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine
Silviu STAHIE

February 03, 2023

1 min read