What Happened
In January 2016, Lifeboat, a popular Minecraft community (primarily for Pocket Edition multiplayer servers operated by Hydreon Corporation), suffered a data breach when attackers hacked its servers, exposing account details of over 7 million users—though one source reports up to 11.8 million records including 7 million unique emails, 165,000 unique IP addresses, and 12 million usernames. The compromised data included usernames, email addresses, IP addresses (per some reports), and passwords stored as weak MD5 hashes, which were vulnerable to cracking, especially for weak or reused passwords, raising risks of phishing, credential stuffing, and account takeovers elsewhere. Lifeboat detected the breach internally by late February but delayed public disclosure for three months until April 2016, after security researcher Troy Hunt publicized it via Have I Been Pwned?; instead, they quietly prompted in-game password resets without notifying users of the risks. No financial or personal details like names were exposed, and the attacker remains unidentified, but the incident highlighted poor security practices in gaming communities.
