Lifeboat Network, a private server service for Minecraft Pocket Edition, was hacked months ago but never informed customers, according to a Motherboard report. After a tip from security researcher Troy Hunt--who runs the mass breach site Have I Been Pwned?--Motherboard reported that more than 7 million users of Lifeboat had their user names, email addresses, and passwords stolen by hackers.
A Lifeboat representative told the site, "When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked."
Article continues below
Motherboard spoke with three Lifeboat users who contradicted the company's version of events, saying they hadn't been asked to change their passwords.
The passwords stolen in the breach were hashed using what Motherboard called "the notoriously weak MD5 algorithm," and Lifeboat claimed that it has since begun using a stronger algorithm to hash passwords. It also said it has not heard of any of its users being hurt by the hack.