Fans of the popular game Minecraft: Pocket Edition should start worrying as a security researcher has discovered that hackers targeted the game's community website in January. The fan site Lifeboat for Minecraft: Pocket Edition was hacked earlier this year and the data of over 7 million accounts remains at risk.
Minecraft fan site Lifeboat hack exposes 7 million accounts
Minecraft is a hugely popular block-building game from Microsoft. Lifeboat, however, is an independent site that runs servers for custom, multiplayer environments of Minecraft Pocket Edition (the mobile version of the game), allowing players to participate in different game modes. Fans of the game download the Minecraft Pocket Edition app, connect to a Lifeboat server using a username, an email address and a password to join the community.
This stolen data, which includes weakly hashed passwords, remains at large, security researcher Troy Hunt said in an email to Motherboard. Hunt will upload the data to his site "Have I Been Pwned?", which will help the victims check if their accounts have been compromised.
“The data was provided to me by someone actively involved in trading who's sent me other data in the past," Hunt.
Lifeboat hasn't informed its users about this breach, which happened in January. “When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act,” a Lifeboat representative said in an email. However, password reset doesn't fix the issue since if any players did suspect strange activity in their accounts, they wouldn't probably track it back to Lifeboat without the site informing its users.
“No lifeboat has not notified me of anything. Looks like they want to keep it [quiet], which I guess isn't that fair,” Tyler, one victim of the breach said. Talking to Motherboard, another victim Ali said "it's bad that they were breached in the first place, but not telling us about it is even worse."
If you use Lifeboat, head over to HaveIBeenPwned.com in the next few days to check if your email address is part of the breach. In any case, it is advisable for all the Lifeboat users to change their passwords, especially if you are in the lazy habit of using the same one for multiple sites.