Minecraft news » Pocket Edition: Lifeboat Accounts Compromised, 7M Players Affected

It was recently reported by Troy Hunt, security expert at HaveIBeenPwned, that a little over 7 million Pocket Edition players who use Lifeboat to play on multiplayer servers together had their login information compromised. While unfortunate, the surprising part is when the breach took place: in January 2016.

Shortly after the breach, Lifeboat forced a password reset across their network, causing players to generate new passwords. Despite this, reports suggest many players never received a password reset request. Despite the breach, Lifeboat chose not to inform any of their players, which poses serious security risks to anyone using the service who may be using that same password elsewhere, including primary emails, Facebook, and more.

The passwords were encrypted using an MD5 hash, which is evidently very easy to crack with a cursory Google search.

Lifeboat runs servers for custom, multiplayer environments of Minecraft Pocket Edition, which allows players to participate in different game modes, such as capture the flag or survival. To join the community, players download the normal Pocket Edition app, connect to a Lifeboat server, and register a username with an email address and password.

Pocket Edition players resetting their passwords should choose short, but difficult-to-guess passwords, and ideally have a unique password.