The three players Motherboard spoke to said they had not received a password reset. Although the passwords in the breach were hashed, they were hashed with the notoriously weak MD5 algorithm, meaning that plenty of the passwords could be figured out with the use of online tools. They did not reply when asked to clarify why the company did not inform users. "We have not received any reports of anyone being damaged by this," the representative added in another email. We retain no personal information (name, address, age) about our players, so none was leaked." "We did this over a period of some weeks. "When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act," a Lifeboat representative said in an email. Lifeboat said it had been aware of the breach for some time. "It's bad that they were breached in the first place, but not telling us about it is even worse," Ali, who said they were from Wisconsin, added. "They either didn't even notice yet or just don't care," said a player named Henni. Looks like they want to keep it, which I guess isn't that fair," one user called Tyler, who said he was from Airdrie, Canada, told Motherboard in an email. "No lifeboat has not notified me of anything. Hunt put Motherboard in touch with several victims of the breach, who said they had not been informed by Lifeboat of the hack. To join the community, players download the normal Pocket Edition app, connect to a Lifeboat server, and register a username with an email address and password. Lifeboat runs servers for custom, multiplayer environments of Minecraft Pocket Edition (the smartphone version of the game), which allow Minecraft players to participate in different game modes, such as capture the flag or survival.
"The data was provided to me by someone actively involved in trading who's sent me other data in the past," Hunt, who has verified the data and sent Motherboard a redacted screenshot of some of it, said in an email. Hunt said he will upload the data to his breach notification website "Have I Been Pwned?", which allows people to check if their account is compromised, on Tuesday, and that it includes email addresses and weakly hashed passwords, meaning that hackers could likely obtain full passwords from some of the data. However, despite Lifeboat's claims of a site-wide password reset, many users contacted in relation to the breach responded negatively, saying that they did not receive any such reset email, or a notification when entering the game or connecting to a Lifeboat server. Over seven million user accounts belonging to members of Minecraft community "Lifeboat" have been hacked, according to security researcher Troy Hunt. "By the way, we recommend short, but difficult to guess passwords. Even then, the security flaw story continues, with Lifeboat advising their users to create short passwords – literally the opposite of widely accepted password generation practice. Lifeboat neglected to do this seemingly basic task, instead deciding that as the breached data contained no financial information, triggering a silent site-wide password reset would likely suffice. Letting the users know their private email address and password for their account has unfortunately been acquired by a potentially malicious entity. When a company experiences a data breach involving the personal details of its users, the common course of action is to inform them.