Now that the hack is hitting the news, I guess we’ll see if that holds true. If a user had no clue their data was in the hands of bad actors thanks to the site being hacked, then there would be no reason for anyone to contact Lifeboat with a damaging report. In defense of not notifying its users of the breach, another Lifeboat spokesperson told Motherboard, “We have not received any reports of anyone being damaged by this.” It's no wonder I'm kept so busy these days!” The passwords, according to Hunt, had been stored with a weak MD5 hash and were not salted, meaning it was “very close to useless cryptographic storage.” Combine that with Lifeboat not alerting users to the breach, and Hunt said, “I'm not sure that I've seen such a blatant disregard for personal account information before. Even if developers of a new site are careful with setting up account management features, “people will use credentials that will unlock their bank account or, even worse, their email.” Troy Hunt “Like it or not, this is what people do,” Hunt wrote. Regarding the fact that Lifeboat “tried to cover it up,” Hunt said, “Let me put the insanity of this in context: multiple people I contacted were left totally exposed with no idea that their long-held, tried-and-tested password they'd used everywhere was now in the hands of hackers.” Hunt told Motherboard he was notified of the Lifeboat breach by an individual “actively involved in trading who’s sent me other data in the past.” We retain no personal information (name, address, age) about our players, so none was leaked. When this happened early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. Instead, a Lifeboat representative told Motherboard: In fact, it seems likely that Lifeboat didn’t notify any of the more than 7 million users. Why did Hennihenner not change his password after Lifeboat notified him about the breach? Because Lifeboat didn’t notify him about the breach, which occurred in January. But after learning Lifeboat had been breached and his password was floating around in the cyber ether, he got to work changing all his passwords. Watch the whole video to see and get the IP address for the LifeBoat serverFollow us on our group Instagram mastergamingteamFollow Codys main Instagram. It was, and Hennihenner was spooked, worried about accounts he considers important, such as YouTube, Reddit, Twitter and Steam, because he had used the “same password since 2011.” Although he knew it was a “bad idea,” he had justified his password reuse by thinking he only used “safe websites” or thought no one would hack an account that is not connected to money. Hennihenner was notified by Have I Been Pwned’s Troy Hunt to help verify if a new breach was legit. A prime example of that was given by Hennihenner, a self-described “casual gamer” in Germany. The chances are much greater that many people reuse their Lifeboat password for other online sites. Of course it’s not online banking you should pray for the safety of any poor soul using the same password for a game that they use for banking as it likely happens.
0 Comments
Leave a Reply. |