Seven million Lifeboat accounts hacked, tried to keep it quiet

With thousands and thousands of community-run forums and communities based around Minecraft, at least one was bound to have bad security. For those who aren't aware, Lifeboat is a major Minecraft Pocket Edition server network, with (at the time of the hack) over seven million accounts registered.

Security researcher Troy Hunt informed several websites a few days ago about the hack, saying “The data was provided to me by someone actively involved in trading who's sent me other data in the past.” He also added the list of affected users to his "Have I been pwned" tool, allowing anyone to check if their information had been leaked.

After obtaining a list of affected users, Troy contacted several Lifeboat members to ask if Lifeboat had informed them about the hack. They all said Lifeboat had made no attempt to inform their users about the breach in security.

Lifeboat had hoped that simply keeping it a secret and making a few users reset their passwords would fix the problem. “When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act,” a Lifeboat representative said in an email. “We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked.”

The only problem is, not every user was asked to reset their password. And every minute users don't know about a leak, that's another moment a hacker could have retrieved their password and login with their account. And many users likely used their typical password for Lifeboat too - meaning their other online accounts were at risk.

Click over to the source link below for more information, and in the future, we at Powered by Redstone heavily recommend not making accounts at Lifeboat. Not only did they get hacked, they put the security of their users at risk by not telling them.

Source: Vice

Comments

  1. I actually used to play lifeboat lot, and especially at the time of the hack. And I did use my main password at the time of the password reset :/

    What should I do!?

    ReplyDelete
  2. Change your main password on all your other online accounts as quickly as possible.

    ReplyDelete

Post a Comment