![]() If you want to see if your account was compromised, you can always visit Troy Hunt’s “Have I Been Pwned” website. Speaking of Lifeboat, the website has decided to keep the attack quiet and instead “force a password reset without letting the hackers know they had limited time to act.” As you can probably imagine, the decision is somewhat controversial. Obviously, many of them use the same email as well, as this makes it easier to keep track of all accounts, which means that a hacker could easily log into a Minecraft account once he has the login information of a Lifeboat account. The problem is that many users have a bad habit of using the same password for multiple accounts, whether we’re talking about games or websites. According to security researcher Troy Hunt, the compromised data includes weakly hashed passwords, which is bad news. In order to join the Lifeboat community, users need to download the Minecraft Pocket Edition app and then choose to connect to a Lifeboat server using an email address, a username, and a password. Even though the website itself functions independently from the main game, one of its main purposes is to run servers for custom multiplayer environments of Minecraft: Pocket Edition, which is the mobile version of the renowned block building game. The attack took place back in January, and it looks like more than 7 million accounts were potentially compromised as a result. Thank heavens security researcher Troy Hunt, who runs the HaveIBeenPwned breach notification service, was contacted by someone who had access to the data, and users are now being informed of the risk.Those of you who enjoy playing Minecraft: Pocket Edition and are members of the game’s community websites might want to change your passwords, as a security researcher has recently discovered that a group of hackers has targeted the Lifeboat website. Especially if you don’t bother to tell your users that there’s an issue… Yup, they recommended short passwords… Quite what they perceive the benefit to be of short passwords for anyone other than criminals trying to crack them I cannot imagine.īut if you use the same password on Lifeboat as your eBay, Amazon, GMail or any other online account – then you can easily see why such sloppy security practices by even a gaming site could be disastrous. By the way, we recommend short, but difficult to guess passwords. Use a real email” You will need to use it if if you ever forget your password, so be sure it is valid. “You will then be prompted for a password and an email. ![]() ![]() Lifeboat knew about this, but didn’t tell its users.Ĭould a worse picture be painted of how well Lifeboat was caring for its users?Ĭheck out this section of Lifeboat’s “Getting Started” guide: ![]() In short, for the last four months passwords belonging to members of the Lifeboat community have been in the hands of online criminals, who could have used them to break into innocent people’s other online accounts. We retain no personal information (name, address, age) about our players, so none was leaked.” “When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. To make matters worse, as Lifeboat tells Motherboard, the security breach happened in January – and the company did not inform its users that an incident had occurred and that gamers would be wise to ensure they were not using the same passwords anywhere else on the web: And unsalted MD5 hashes are a notoriously weak way to secure passwords, making it trivial for criminals to crack. Lifeboat Survival Games is the largest Minecraft multiplayer community for a reason Come join our community of gamers. It’s important to note that only players of the smartphone edition of Minecraft were affected, and even then only if they were members of the independent “Lifeboat” community, which runs a variety of servers offering free-to-play multi-player games on the Minecraft platform.Īll the same, Lifeboat has over seven million users. Over seven million members of the independent Minecraft “Lifeboat” community have had their security and privacy put at risk after hackers breached servers and stole usernames, email addresses and MD5-hashed passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |