Tuesday, 6 September 2016

On 00:11 by admin   No comments
Lifeboat, a platform that provides gamers with an option to run servers for playing customised and multiplayer version of Minecraft suffered a data breach in January 2016 in which login details of seven million users were stolen. Now, someone has leaked the stolen data or Dark Web and other underground hacking forums and researchers at data breach notification company Hacked-DB have grabbed it.
The breach was actually discovered by Troy Hunt of haveibeenpwned but at that time the data was only available at his platform while LifoBoat, on the other hand, didn’t bother to inform its users until the news about this breach went public in April 2016. However, just when Lifeboat thought the nightmare is over; the data has gone public creating yet another issue for the company.
According to a statement back in April LifeBoat said that,
“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. If they alerted people about passwords being reset they would’ve basically been telling the hackers to hurry up and ALL data would’ve been stolen.”
The data was scanned and analysis by researchers at Hacked-DB.com and here’s the result:
The total number of compromised unique accounts is 7,235,619. The data structure includes username, email address and password with the MD5 hash algorithm. 
The MD5 encryption algorithm that is used at the database to encrypt the passwords is ineffective at all since it can be decrypted very easily. Think of MD5 as an algorithm which is equivalent to clear-text. This kind of information can lead to various attacks and impersonation to gain more information and data. 
Hacked-DB also mentioned that the data was stolen somewhere in January 2016 and only now it surfaced on the web.
Here is a screenshot from LifeBoat data for readers:


Post a comment