Privacy News Data for 6 Million Minecraft Gamers Stolen

BoraMurdar

Super Moderator
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Data breach index service LeakedSource has told Softpedia that it has received the full database and source of Leet.cc, a service for creating and running Minecraft Pocket Edition servers.

According to a LeakedSource spokesperson, the database includes records for 6,084,276 users that have signed up with Leet.cc.

For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there was also an email address associated with their account.

The passwords were hashed using the SHA512 algorithm and each is uniquely salted, LeakedSource told us.

LeakedSource is in the process of cracking the passwords and adding the data it received to its database of breached services which also includes big names such as LinkedIn, MySpace, Twitter, VK, Badoo, and others.

Data breach possible took place after February 5, 2016
The oldest registration date was an entry marked with the 1454644618 Unix timestamp, which converts to Friday, 05 Feb 2016 03:56:58 GMT, a possible date after which the breach might have taken place.

LeakedSource, who received the source code on which the service runs, told Softpedia that in one of the files they opened they found the following message:

/*********************************************************
* Copyright by LEET. *
* Free to use. No modifications allowed. *
* Please contact info@leet.cc if you have any questions.*
********************************************************/
Leet.cc is a service that allows users to sign up, install one of their Android and iOS apps, and create Minecraft Pocket Edition servers where they can meet with selected friends and play.

The same email address included in the file above was also on Leet.cc's homepage. Softpedia has reached out to Leet.cc, but the company has not responded.

Softpedia has also received a sample of the Leet.cc data and attempted to verify with users the accuracy of the listed information. Unfortunately, a large number of users had listed incorrect email addresses or email addresses that expired in the meantime (most Yahoo addresses).

This doesn't mean that the leaked data is not authentic, but that associating the cracked passwords with a real user's identity might be harder for anyone getting ahold of the data.

At this point, LeakedSource provided Softpedia with a new sample dataset with the recently registered users. Our emails didn't bounce when notifying a small number of users from this sample, and we'll update the article with any relevant information we receive from the affected users.

After LeakedSource imports the data in its service, Leet.cc users can search for their email address or username and see if their details were included in the leak.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top