Data breach index service
LeakedSource has told Softpedia that it has received the full database and source of
Leet.cc, a service for creating and running Minecraft Pocket Edition servers.
According to a LeakedSource spokesperson, the database includes records for 6,084,276 users that have signed up with Leet.cc.
For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there was also an email address associated with their account.
The passwords were hashed using the SHA512 algorithm and each is uniquely salted, LeakedSource told us.
LeakedSource is in the process of cracking the passwords and adding the data it received to its database of breached services which also includes big names such as LinkedIn, MySpace, Twitter, VK, Badoo, and others.
Data breach possible took place after February 5, 2016
The oldest registration date was an entry marked with the 1454644618 Unix timestamp, which converts to Friday, 05 Feb 2016 03:56:58 GMT, a possible date after which the breach might have taken place.
LeakedSource, who received the source code on which the service runs, told Softpedia that in one of the files they opened they found the following message:
/*********************************************************
* Copyright by LEET. *
* Free to use. No modifications allowed. *
* Please contact
info@leet.cc if you have any questions.*
********************************************************/
Leet.cc is a service that allows users to sign up, install one of their Android and iOS apps, and create Minecraft Pocket Edition servers where they can meet with selected friends and play.
The same email address included in the file above was also on Leet.cc's homepage. Softpedia has reached out to Leet.cc, but the company has not responded.
Softpedia has also received a sample of the Leet.cc data and attempted to verify with users the accuracy of the listed information. Unfortunately, a large number of users had listed incorrect email addresses or email addresses that expired in the meantime (most Yahoo addresses).
This doesn't mean that the leaked data is not authentic, but that associating the cracked passwords with a real user's identity might be harder for anyone getting ahold of the data.
At this point, LeakedSource provided Softpedia with a new sample dataset with the recently registered users. Our emails didn't bounce when notifying a small number of users from this sample, and we'll update the article with any relevant information we receive from the affected users.
After LeakedSource imports the data in its service, Leet.cc users can search for their email address or username and see if their details were included in the leak.