The Minecraft community Lifeboat has been hacked. The breach exposes more than 7 million account details without the owners knowing, making the incident more troubling.
The news was initially shared by Motherboard, saying that the hacked data was verified and provided by security researcher Troy Hunt of Have I Been Pwned website. He said the data was handed over by "someone" who is "actively involved in trading" and who also previously provided him other data.
Hunt made the data available on Have I Been Pwned site to let members of Lifeboat check if their account is impacted by this breach.
The leaked data include not only members' email addresses but passwords that are described "weakly hashed" as well.
Lifeboat, in the meantime, sent out a statement to Motherboard confirming that the attack took place in January.
"When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act," said the company.
Lifeboat went on to say that it did this for a few weeks. It also assured that no personal details, such as name, age and address, were leaked. On top of that, Lifeboat said it hasn't received reports yet about damages caused by the hacking incident.
Motherboard also managed to reach out to some of the members who were affected by the incident to check if Lifeboat contacted them to tell that their accounts had been compromised. Hunt gave the site some users' details. It seems, however, that these affected members were not informed.
One user, named Tyler, who is from Canada said Lifeboat did not notify him of "anything."
"Looks like they want to keep it [quiet], which I guess isn't that fair," said Tyler.
Another member, named Ali, who is from Wisconsin, told the site that it is bad Lifeboat was hacked, "but not telling [members] about it is even worse."
When asked why Lifeboat did not notify its members regarding the breach, Motherboard says the company did not reply.
In the meantime, Lifeboat said it is now using a stronger hashing algorithm to safeguard its members.