Minecraft is a popular and highly-praised sandbox game that encourages players to create and explore virtual worlds. As of June of 2016, Minecraft had sold more than 106 million copies and maintained a player base of over 40 million players on numerous servers each month. One such server, Lifeboat, was hacked in early 2016, putting the passwords of seven million users at risk.
The Lifeboat Hack
The Lifeboat server supports player activities for the smartphone version of Minecraft, called Minecraft: Pocket Edition. According to Minecraft representatives, hackers stole information from seven million Lifeboat accounts in January of 2016, potentially gaining access to user passwords. Although Minecraft passwords are encrypted, Lifeboat had chosen to hash passwords with a notoriously weak algorithm called MD5. This made it easy to use available online resources to decode stolen passwords, despite attempts to protect them. Once hackers had determined a user’s password, they could potentially gain access to all other accounts that required the same password.
A Quiet Affair
Although the hack took place in January, Lifeboat administrators chose to keep it quiet. Rather than announcing to users that their accounts had been hacked, game administration simply required affected players to reset their passwords shortly after the hack occurred. Although this action protected the vulnerable accounts, it still allowed hackers to continue using passwords that might gain them access to other online accounts. However, Lifeboat administrators maintain that the stolen information is not a concern, as the server doesn’t retain personal information about its users, which should render the stolen passwords useless. While there have been no reports of unauthorized access via these stolen passwords, many users remain unhappy that they were not informed of the breach at the time it occurred.