Minecraft fan site Lifeboat hacked: 7M accounts exposed

Your security is always at risk online, and now it’s fans of the game Minecraft: Pocket Edition that should start worrying.

Hackers targeted the community website Lifeboat for Minecraft: Pocket Edition in January and extracted sensitive information for more than 7 million accounts, according to online security expert Troy Hunt (via Vice). Minecraft is the megapopular block-building game from Microsoft, but Lifeboat is an independent site that offers players a way to gather together online using multiplayer servers. This does not affect the desktop version of Minecraft. Stolen data often ends up on the Dark Web — a portion of the Internet that is hidden and anonymous — where hackers and criminals sell illicit goods and information. Before world governments came together to shut it down in 2013, the Silk Road website operated on the Dark Web and generated more than $30 million in revenue.

If you use Lifeboat, you can check the HaveIBeenPwned.com database within the next few days to see if your email address is a part of the breach. But it’s advisable that all Lifeboat users change all of their passwords if you use that login information on any other site.

We’ve reached out to Lifeboat for a comment, but the site has no announcement about the breach on its homepage. The community did recently force everyone to reset their passwords.

New breach: In Jan, the Minecraft community "Lifeboat" had 7M accounts exposed. 6% were already in @haveibeenpwned https://t.co/LGaAniJH32

— Have I Been Pwned (@haveibeenpwned) April 26, 2016

If someone gets your login information for Lifeboat, they could easily build a script to use those credentials on more sensitive sites like your email, your bank account, or your Facebook. That could lead to even deeper issues like identity theft.

“We have not received any reports of anyone being damaged by this,” a Lifeboat spokesperson said in a statement to Vice.

But it’s not likely that anyone would know that their email and password are available online without Lifeboat telling them in the first place. And if someone is seeing strange activity in their accounts, they would probably not track it back to Lifeboat without knowing about the original hack.

This is another reminder that you should not use the same password on more than one site.