Lifeboat Was Hacked and Millions of Minecraft Accounts Were Exposed

Those of you who enjoy playing Minecraft: Pocket Edition and are members of the game’s community websites might want to change your passwords, as a security researcher has recently discovered that a group of hackers has targeted the Lifeboat website. The attack took place back in January, and it looks like more than 7 million accounts were potentially compromised as a result. Even though the website itself functions independently from the main game, one of its main purposes is to run servers for custom multiplayer environments of Minecraft: Pocket Edition, which is the mobile version of the renowned block building game.

In order to join the Lifeboat community, users need to download the Minecraft Pocket Edition app and then choose to connect to a Lifeboat server using an email address, a username, and a password. According to security researcher Troy Hunt, the compromised data includes weakly hashed passwords, which is bad news. The problem is that many users have a bad habit of using the same password for multiple accounts, whether we’re talking about games or websites. Obviously, many of them use the same email as well, as this makes it easier to keep track of all accounts, which means that a hacker could easily log into a Minecraft account once he has the login information of a Lifeboat account.

Speaking of Lifeboat, the website has decided to keep the attack quiet and instead “force a password reset without letting the hackers know they had limited time to act.” As you can probably imagine, the decision is somewhat controversial. If you want to see if your account was compromised, you can always visit Troy Hunt’s “Have I Been Pwned” website.