7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat

0
233

(credit: Lifeboat ) As security breaches go, they don’t get more vexing than this: 7 million compromised accounts that protected passwords using woefully weak unsalted MD5 hashes, and the outfit responsible, still hadn’t disclosed the hack three months after it came to light. And as if that wasn’t enough, the service recommended the use of short passwords. That’s what Motherboard reported Tuesday about Lifeboat , a service that provides custom, multiplayer environments to gamers who use the Minecraft mobile app. The data circulating online included the e-mail addresses and hashed passwords for 7 million Lifeboat accounts. The mass compromise was discovered by Troy Hunt, the security researcher behind the Have I been pwned? breach notification site. Hunt said he had acquired the data from someone actively involved in trading hacked login credentials who has provided similar data in the past. Hunt reported that some of the plaintext passwords users had chosen were so weak that he was able to discover them simply by posting the corresponding MD5 hash into Google. As if many users’ approach to passwords were lackadaisical itself, Lifeboat’s own Getting started guide recommended “short, but difficult to guess passwords” because “This is not online banking.” Read 3 remaining paragraphs | Comments

More:
7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat

LEAVE A REPLY

Please enter your comment!
Please enter your name here

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.