In early January, over 7 million user accounts belonging to members of the Minecraft community "Lifeboat" were hacked. Lifeboat runs servers for custom, multiplayer environments for Minecraft Pocket Edition - the smartphone version of the game, which allows players to play in different game modes.
It appears that although the passwords in the breach were hashed, the hashing was done with MD5, an algorithm known to be weak. As a result, plenty of the passwords can be recovered with online tools, a Linux command line, or even a simple hashing program that takes text as input and converts it to an MD5 hash.
Since many of us reuse passwords, that same password might be used for more than just the one account, meaning that anyone in possession of the data now has a chance of accessing the user's other accounts as well.
Examples like these show why we should not be using the same password for multiple accounts. We should really be using strong, unique passwords for each. That way, when a breach occurs on one service (and evidence shows that breaches are occurring with increasing frequency) hackers will only be able to access that specific account, reducing the area of compromise.
“I was able to easily verify people's passwords with them simply by Googling them, such is the joy of unsalted MD5,” Hunt said. Motherboard confirmed that one of the hashes provided by Hunt corresponded to an easily guessable password. The Lifeboat representative said that the company now uses a stronger hashing algorithm. Naturally, if victims have used the same passwords on other services, such as their email, anyone in possession of the data has a chance of accessing those accounts too.
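The contrast between unsalted MD5 and a stronger scheme, as an added example that is not code from Lifeboat or from the article: it stores the same constructed passwords both ways and counts how many rows end up with identical stored values. The account names, passwords, choice of PBKDF2-HMAC-SHA256 and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts for illustration; not taken from any breach data.
SAMPLE_USERS = {"alice": "dragon123", "bob": "dragon123", "carol": "Tr0ub4dor&3"}
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def md5_unsalted(password: str) -> str:
    """Weak scheme from the article: a bare MD5 digest with no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_store(password: str) -> tuple:
    """Hardened scheme: fresh random salt per account plus a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def kdf_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_value(records: dict) -> int:
    """Count accounts whose stored value is identical to another account's."""
    values = list(records.values())
    return sum(1 for v in values if values.count(v) > 1)


def build_tables():
    """Store the sample passwords under both schemes."""
    weak = {user: md5_unsalted(pw) for user, pw in SAMPLE_USERS.items()}
    strong = {user: kdf_store(pw) for user, pw in SAMPLE_USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("MD5 rows sharing a value:   ", accounts_sharing_a_value(weak))
    print("PBKDF2 rows sharing a value:", accounts_sharing_a_value(strong))
    salt, digest = strong["alice"]
    print("correct password verifies:  ", kdf_verify("dragon123", salt, digest))
    print("wrong password verifies:    ", kdf_verify("dragon124", salt, digest))
```

With unsalted MD5, every account that uses a given password stores the same digest, so one published digest-to-password pair exposes all of them at once; the per-account salt removes that sharing and the iteration count makes each guess expensive.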