UPDATED 14:18 EDT / APRIL 26 2016

NEWS

Minecraft server data breach leaks the personal information of 7 million unaware users

Minecraft is a fun and incredibly popular game, with an active user base and several communities dedicated to it. Unfortunately, one of those communities has been struck by hackers, as a Lifeboat data breach resulted in the theft of over seven million Minecraft gamers’ user information.

Lifeboat, a small company that runs a server for the mobile version of Minecraft, was hacked some time in January. Softpedia reports that the company triggered a “silent password reset” in response, so as to presumably protect user data.

That, however, is not the same as actually contacting users about the data breach, many of whom did not actually receive a password reset notification. In fact, Motherboard reports that many victims of the breach were not aware it had occurred at all, as they were never contacted.

As such, millions of users were unaware that their information was being sold on the Dark Web, including usernames, email addresses, and passwords. The good news is, the free-to-play game did not have any financial information. It does not collect personal information, such as names or addresses, so identity theft will not be an issue.

The passwords, however, were hashed by MD5, which is incredibly easy to break. While Lifeboat now uses a stronger hashing algorithm, those already leaked have no further protection. As many people tend to use identical or similar passwords across multiple sites and accounts, it would be easy for any of the thieves to break into a victim’s email account or any other website using a similar password.

As Motherboard notes, it’s important to use unique passwords on every account. That way, when a theft such as this occurs, only one account will be compromised. Security experts Alexa Huth, Michael Orlando, and Linda Pesante agree, in the United States Computer Emergency Readiness Team document “Password Security, Protection, and Management.”

“Even if the attacker gets the password for a relatively non-sensitive account; he or she can reuse it on sites where, for example, billing, payment, health, and other private information is stored. Using the same pattern for your passwords is also risky. By learning your current password structure, attackers can increase their
chances of guessing passwords for critical websites such as your bank account or your company’s email account.

“Use a different password for each website you access. A password manager — essentially an encrypted database— can help you store all these unique passwords and passphrases in one safe, well-protected place.”

There are many factors to consider when regarding password managers, such as cost and risks, but it’s better than using the same password every time.

With that in mind, Minecraft users on the Lifeboat server can safely start changing their passwords. It is unfortunate that Lifeboat did not think to notify its users, but the damage is done, and recovery can begin.

Photo by mureut.kr


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU