![]() ![]() ![]() The lesson: If you care about the security of your accounts, you should really be using strong, unique passwords for each. ![]() "By the way, we recommend short, but difficult to guess passwords. Lifeboat's approach to security appears to be demonstrated in a how-to guide on its website. Naturally, if victims have used the same passwords on other services, such as their email, anyone in possession of the data has a chance of accessing those accounts too. The Lifeboat representative said that the company now uses a stronger hashing algorithm. Motherboard confirmed that one of the hashes provided by Hunt corresponded to an easily guessable password. ![]() "I was able to easily verify people's passwords with them simply by Googling them, such is the joy of unsalted MD5," Hunt said. The three players Motherboard spoke to said they had not received a password reset.Īlthough the passwords in the breach were hashed, they were done so with the notoriously weak MD5 algorithm, meaning that plenty of the passwords could be figured out with the use of online tools. They did not reply when asked to clarify why the company did not inform users. "We have not received any reports of anyone being damaged by this," the representative added in another email. We retain no personal information (name, address, age) about our players, so none was leaked." "We did this over a period of some weeks. "When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act," a Lifeboat representative said in an email. Lifeboat said it had been aware of the breach for some time. "It's bad that they were breached in the first place, but not telling us about it is even worse," Ali, who said they were from Wisconsin, added. "They either didn't even notice yet or just don't care," said a player named Henni. Looks like they want to keep it, which I guess isn't that fair," one user called Tyler, who said he was from Airdrie, Canada, told Motherboard in an email. "No lifeboat has not notified me of anything. Hunt put Motherboard in touch with several victims of the breach, who said they had not been informed by Lifeboat of the hack. To join the community, players download the normal Pocket Edition app, connect to a Lifeboat server, and register a username with an email address and password. Lifeboat runs servers for custom, multiplayer environments of Minecraft Pocket Edition-the smartphone version of the game-which allow Minecraft players to participate in different game modes, such as capture the flag or survival. "The data was provided to me by someone actively involved in trading who's sent me other data in the past," Hunt, who has verified the data and sent Motherboard a redacted screenshot of some of it, said in an email. Hunt said he will upload the data to his breach notification website "Have I Been Pwned?", which allows people to check if their account is compromised, on Tuesday, and that it includes email addresses and weakly hashed passwords-meaning that hackers could likely obtain full passwords from some of the data. Over seven million user accounts belonging to members of Minecraft community "Lifeboat" have been hacked, according to security researcher Troy Hunt. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |