(Data) Mined Craft

Originally reported at www.hotforsecurity.com

Over seven million users of Minecraft Pocket Edition‘s independent “Lifeboat” community may have had their privacy and security put at risk. Hackers have breached the Lifeboat servers and stolen usernames, email addresses, and MD-5 hashed passwords.

It’s important to note that this only affects the smartphone edition of Minecraft. And only the members of the Lifeboat community. But still, over seven million people are members of the community.

The worst part, however, is the breach occurred early in January and Lifeboat didn’t inform their users! In an interview with Motherboard, Lifeboat stated: “When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked.”

Basically, in the last four months people’s personal information, emails, and who knows what else has been in the hands of online criminals. Lifeboat knew about this, but didn’t tell their users. Did it never occur to them that people use one password for multiple things? Like an Ebay or Amazon account?

It’s get even worse though. Take a look at a section of their Getting Started guide.

“You will then be prompted for a password and an email. Use a real email– You will need to use it if if you ever forget your password, so be sure it is valid. By the way, we recommend short, but difficult to guess passwords. This is not online banking.”


Yes, they recommend short passwords. And if you ever use the same passwords for your banking, personal email, or any online accounts, you may have problems.

Users are now being notified of the breach.