Hackers have reportedly targeted Lifeboat and stolen login credentials of about seven million users.
The data stolen from Lifeboat have been put on sale on the dark web. Lifeboat confirmed that it was aware of the data breach, but it preferred not to disclose it to the users.
Moreover, the data breach contained the login information like emails and passwords of the users. To recall, Minecraft was hacked in 2015, however news about the breach has appeared now, according to BBC, the security researcher, Toy Hunt has listed the list of members who’s credentials were stolen.
“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked. We have not received any reports of anyone being damaged by this” said the Lifeboat personal.
Lifeboat passwords were comprehended to have been weakly hashed using an MD5 algorithm. According to Hunt, It have accessed any person to find and verify user’s passwords by simply Googling it. Later, Lifeboat ordered users to reset their passwords after they revealed the breach. However, they prefered not to alert the users of this hack, in a bid to keep the hackers in the dark. They may have thought that alerting the general public would continuously alert the hackers directing them to act in hurry and steal all the data.
Lifeboat claimed that the data breach resulted in minimal damage since they are yet to get reports from anyone affected by the hack.