Hackers Steal Millions Of Minecraft Passwords

From Pediascape
Jump to: navigation, search

Hackers take millions of Minecraft passwords



29 April 2016



Hackers have gained access to login data for more seven million Minecraft users on the site Lifeboat.



Members of Lifeboat can run servers that can create custom multiplayer maps for Minecraft's smartphone version.



Evidence suggests that stolen data including email addresses and passwords, is being sold by websites that trade in hacked files.



The analysis shows that passwords were weakly secured so that attackers could easily identify them.



Minimise damage



Troy Hunt, an independent security expert, received details about the breach. He claimed that he obtained the list from someone who deals in stolen credentials. Many people had told him the data was circulating on dark net sites.



Mr. Hunt claimed that the data was stolen at the beginning of 2016, but the breach has only just been made public.



He claimed that passwords for Lifeboat accounts had been hashed but the algorithm used offered very little security.



Hashing is a technique used to encrypt passwords so that they aren't easily read when the data is lost.



In most cases, he said that it is the case that a Google search for a password that has been hashed would immediately return the correct plain text value. He added that well-known hacking tools could be able to automate this process and accelerate it.



He said that "a significant portion of those passwords would need to be reverted into plain text in a short period of time" in a blog post on the breach.



This can lead to other security issues He said this because many people re-use passwords so that they can be exposed to attackers to compromise accounts on different websites.



Motherboard was given a statement from Lifeboat stating that it had taken steps to minimize the damage. Server tracker



"When this happened [in] January, we decided the best thing for our player was to quietly force a reset password, without letting hackers know they had limited action time," it said to the news site, stating that it now uses stronger hashing algorithms.



It said: "We have not received any reports of anyone being hurt by this." Server tracker



Mr Hunt was unhappy with the company for "quietly" forcing the password re-set saying the policy rendered him "speechless".



Instead he suggested, Lifeboat should have done more to notify users to change passwords if they had the same password on other sites.



"The first thing to be on the mind of every company following an incident like this is: 'How can we minimise the damage to our users?'" He said.



Minecraft leaps into virtual reality



28 April 2016



Beautiful People data available online



26 April 2016



An estate agent is hiring Minecraft builders



30 March 2016



Minecraft to give AI a helping hand



14 March 2016

Retrieved from "https://pediascape.science/index.php?title=Hackers_Steal_Millions_Of_Minecraft_Passwords&oldid=3362596"