Security Alerts & News
by Tymoteusz A. Góral

History
#665 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat
As security breaches go, they don't get more vexing than this: 7 million compromised accounts that protected passwords using woefully weak unsalted MD5 hashes, and the outfit responsible, still hadn't disclosed the hack three months after it came to light. And as if that wasn't enough, the service recommended the use of short passwords. That's what Motherboard reported Tuesday about Lifeboat, a service that provides custom multiplayer environments to gamers who use the Minecraft mobile app.

The data circulating online included the e-mail addresses and hashed passwords for 7 million Lifeboat accounts. The mass compromise was discovered by Troy Hunt, the security researcher behind the Have I been pwned? breach notification site. Hunt said he had acquired the data from someone actively involved in trading hacked login credentials who has provided similar data in the past.

Hunt reported that some of the plaintext passwords users had chosen were so weak that he was able to discover them simply by posting the corresponding MD5 hash into Google. As if many users' approach to password selection weren't lackadaisical enough, Lifeboat's own Getting started guide recommended "short, but difficult to guess passwords" because "This is not online banking."
Read more
#665 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat
#664 Steam patches broken crypto in wake of replay, padding Oracle attacks
#663 Firefox 46 patches critical memory vulnerabilities
#662 Cisco: Tuto4PC utilities silently install 12M mackdoors
#661 RuMMS: The latest family of Android malware attacking users in Russia via SMS phishing
#660 Hundreds of Spotify credentials appear online – users report accounts hacked
#659 Hacking group “PLATINUM” used Windows’ own patching system against it
#658 If you use Waze, hackers can stalk you
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12