Minecraft: Pocket Edition Latest News Update: Major Hack Exposes Passwords Of Seven Million Lifeboat Users
Passwords of nearly seven million Minecraft Pocket Edition users have been exposed on the internet after Lifeboat community's servers were hacked.
According to BBC, Lifeboat provides servers for multiplayer Minecraft gameplay. Servers were hacked last year but the incident came to light only recently. Lifeboat claimed it was aware of the hack and tried to 'silently' push its users to change their passwords. The passwords obtained were protected by a weak hashing algorithm that was easy to crack.
Security expert Troy Hunt who runs 'Have I Been Pwned?', posted the breached data on the website to alert users about the safety of their accounts. He said he was intimated about the attack by buyers of breached data which was trading on the dark web.
Many hacked users told Motherboard they were unaware of the attack and fumed at Lifeboat for not intimating them. The company in turn responded that keeping mum was strategy.
"When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act," a Lifeboat representative reportedly said. "We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked," the representative said claiming that there was no damage from the hack.
Hunt blasted Lifeboat for the data breach and argued the company should have informed its users to alert them.
"I saw a security "strategy" this week in the wake of a major data breach which was alarming, to say the least," he wrote. "I want to capture the details of it here and frankly, tear it to shreds because we should never see an organization playing fast and loose with people's data in this way. Hopefully if this strategy is ever considered by others in future they'll stumble across this post and think better of it."