A private server provider for the mobile version of Minecraft has admitted that more than seven million account details were stolen in January.
Lifeboat Network requires users to sign up with an email address and password before they use its servers on Minecraft Pocket Edition.
Security researcher Troy Hunt told Motherboard that the company’s data was breached back in January, exposing millions of users’ information – but stated that the firm failed to notify any users of the attack.
“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act,” a representative for Lifeboat explained.
“We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked. We have not received any reports of anyone being damaged by this.”
However, Hunt said that the passwords accessed by the hackers were only encrypted using MD5 hashing, allowing him to decode them using easily available online tools.
Lifeboat said that it had implemented a stronger algorithm in response to the situation.