Hackers Steal Millions Of Minecraft Passwords

From MotoGP
Jump to: navigation, search

Hackers steal millions of Minecraft passwords



29 April 2016



Hackers have gained access to login information for more seven million Minecraft users on the site Lifeboat.



Lifeboat members are able to run servers that can create custom maps for Minecraft's smartphone version.



There is evidence that the stolen information, including passwords and email addresses, is being offered on sites that sell stolen data.



Analysis suggests passwords were very vulnerable to attack, and attackers could easily hack them.



Minimise damage



Troy Hunt, an independent security expert, was able to obtain information about the breach. He claimed to have obtained the list from a person who deals in stolen credentials. A number of people had informed him that the data was circulating on dark net websites.



Hunt claimed that the data was stolen in 2016 but that the breach is recently being discovered.



He said that passwords for Lifeboat accounts had been hacked but that the algorithm used provided very little protection. 03no



Hashing is a method to scramble passwords so they are not easily read when the data is lost.



In most cases, he said it is the case that it is the case that a Google search for a password hashed will instantly give the correct plain text value. Well-known cracking tools could automate and speed up this process, he said.



He also stated that "a large portion of these passwords would need been converted to plain text in a short amount of time" in a blog post about the breach.



This can cause other security problems the expert said, as many people reuse passwords, so finding out one can lead attackers to compromise accounts on other websites.



Motherboard was supplied with a written statement from Lifeboat saying that it had taken the necessary steps to mitigate the damage.



"When this happened in January in the beginning, we decided that the best option for our players was to silently make a password reset, without notifying the hackers that they had time to take action," it told the news site adding that it now used stronger hashing algorithms.



It said that it did not have any reports of anyone being hurt by this.



Mr. 03no Hunt was dissatisfied with the company's decision to "quietly" forcing the password reset, saying that this policy left him "speechless".



Instead, he said, Lifeboat should have done more to notify users so they could quickly change passwords if they had the same password on other websites.



"How can we reduce the harm to our users?" is the first thing that any company should consider following an incident such as this. 03no He said.



Minecraft takes a leap into virtual reality



28 April 2016



Beautiful People data available online



26 April 2016



An estate agent is hiring Minecraft builders



30 March 2016



Minecraft to provide AI assistance



14 March 2016