Need quality web hosting? Try Servercrate- we use them too!

[Lifeboat] Lifeboat Hack: 7 MILLION Accounts Compromised.

If you’ve used LBSG, we urge all users to change passwords for any services using the same password.

You can check if your account was compromised by visiting haveibeenpwned.com.


Motherboard recently reported that the Lifeboat Survival Games network had been hacked, with over 7 million users having their password data stolen. The leaked data included usernames, email addresses and insecure passwords.

 

LBSG knew about the breach, but absurdly didn’t notify any users. They told Motherboard this:

“When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act,” a Lifeboat representative said in an email. “We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked.”

“We have not received any reports of anyone being damaged by this,” the representative added in another email. They did not reply when asked to clarify why the company did not inform users.

The passwords had only been encrypted using the extremely weak and insecure MD5 algorithm, which can be easily unencrypted in seconds. Security researcher Troy Hunt, who discovered the hack, said he “was able to easily verify people’s passwords with them simply by Googling them, such is the joy of unsalted MD5”. LBSG stated they now use a much more secure hashing algorithm.

If users have used the same password on other services, such as email or Twitter, it is trivial for attackers to access any of these accounts. Though Lifeboat states they “have not received any reports of anyone being damaged by this”, it would be near impossible to know the cause of a breached account anyway, especially if that cause was kept quiet.


Edit: Since this article’s publish, some Lifeboat staff members have contacted us. One privately told us that “every email that is stored in our database is being notified [of the breach]”, and also stated that it is not an easy task and they want to ensure everything is sorted out. Another admitted that they now understand it was the wrong decision to keep the breach private, but was somewhat defensive. Though it is many months too late, it is good to see that they are now taking action and accepting some responsibility.

10 Comments | Show comments | Hide comments

  • Mining CT commented on 24/05/2017 Reply

    This is awesome

  • Steeiiiiieev commented on 08/07/2016 Reply

    Hmm I’d like to point out that my friends and I never received a single email from lifeboat about the security breach.

  • lol12345gaming commented on 23/06/2016 Reply

    I had vip+too and now i cant join

  • lol12345gaming commented on 23/06/2016 Reply

    Me too

  • Private commented on 14/06/2016 Reply

    Read my bottom comment below first for my comments to make sense.

  • Private commented on 14/06/2016 Reply

    For example: if LBSG let everyone hack, everyone would!
    They kind of do, with their easy to breach system. Simply downloading a hack will breach it. Sorry, LBSG, but kicking me for “flying” (climbing a ladder) will not secure your system.

  • Private commented on 14/06/2016 Reply

    I really do have the right to blame LBSG, since every time I go on one of their servers I can count at least two hackers.

  • cristian commented on 30/04/2016 Reply

    I love you

  • Beast Mode Gaming commented on 29/04/2016 Reply

    Soo that’s why that the lbsg servers messed up …

    Oh no … I had VIP+

    • mimo12345 commented on 25/03/2017 Reply

      how did u got a vip+ ?

Leave a Reply

Your email address will not be published. Required fields are marked *