LeakedSource is in the process of cracking the majority of user passwords included in the data breach

Aug 18, 2016 19:30 GMT

Data breach index service LeakedSource has told Softpedia that it has received the full database and source of Leet.cc, a service for creating and running Minecraft Pocket Edition servers.

According to a LeakedSource spokesperson, the database includes records for 6,084,276 users who have signed up with Leet.cc.

For each user, the data includes a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there is also an email address associated with their account.

The passwords were hashed using the SHA512 algorithm, and each is uniquely salted, LeakedSource has told us.

LeakedSource is in the process of cracking the passwords and adding the data it received to its database of breached services, which also includes big names such as LinkedIn, MySpace, Twitter, VK, Badoo, and others.
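A unique salt per user makes identical passwords hash to different values and defeats precomputed tables, but each guess against a record still costs only one SHA-512 call, which is why such hashes remain crackable at scale. The sketch below is an added example, not code from Leet.cc or LeakedSource; the salt-then-password layout, the 16-byte salt, the sample password and the PBKDF2 iteration count are all assumptions, since the article gives none of them.

```python
import hashlib
import hmac
import os
import time

def salted_sha512(password: str, salt: bytes) -> bytes:
    # Assumed layout: SHA-512(salt || password). The article does not
    # describe how Leet.cc actually combined salt and password.
    return hashlib.sha512(salt + password.encode("utf-8")).digest()

def pbkdf2_sha512(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    # Same primitive, deliberately repeated so every guess is expensive.
    # The iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)

def verify(password: str, salt: bytes, stored: bytes, scheme) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(scheme(password, salt), stored)

def seconds_per_hash(scheme, rounds: int) -> float:
    # Average wall-clock cost of one evaluation of the given scheme.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"constructed-input-{i}", salt)
    return (time.perf_counter() - start) / rounds

def slowdown_factor() -> float:
    # How many times more work one PBKDF2 evaluation is than one salted SHA-512.
    return seconds_per_hash(pbkdf2_sha512, 3) / seconds_per_hash(salted_sha512, 20_000)

if __name__ == "__main__":
    # Constructed sample: two accounts that share one password.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    hash_a = salted_sha512("Creeper2016", salt_a)
    hash_b = salted_sha512("Creeper2016", salt_b)
    print("same password, different stored hashes:", hash_a != hash_b)
    print("login check:", verify("Creeper2016", salt_a, hash_a, salted_sha512))
    print(f"PBKDF2 is ~{slowdown_factor():,.0f}x more work per guess")
```

The measured factor varies by machine; what matters for a service storing passwords is that the per-guess cost is tunable with a key-derivation function and fixed at one hash call without it.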

Data breach possibly took place after February 5, 2016

The oldest registration date was an entry marked with the 1454644618 Unix timestamp, which converts to Friday, 05 Feb 2016 03:56:58 GMT, a possible date after which the breach might have taken place.

LeakedSource, who received the source code on which the service runs, has told Softpedia that, in one of the files they opened, they found the following message:

/*********************************************************
* Copyright by LEET. *
* Free to use. No modifications allowed. *
* Please contact [email protected] if you have any questions.*
********************************************************/

Leet.cc is a service that allows users to sign up, install one of their Android and iOS apps, and create Minecraft Pocket Edition servers where they can meet with select friends and play.

The same email address included in the file above was also on Leet.cc's homepage. Softpedia has reached out to Leet.cc, but the company has not responded.

Softpedia has also received a sample of the Leet.cc data and attempted to verify with users the accuracy of the listed information. Unfortunately, a large number of users had listed incorrect email addresses or email addresses that expired in the meantime (most Yahoo addresses).

This doesn't mean that the leaked data is not authentic, but that associating the cracked passwords with a real user's identity might be harder for anyone getting ahold of the data.

At this point, LeakedSource has provided Softpedia with a new sample dataset containing recently registered users. Our emails didn't bounce when notifying a small number of users from this sample, and we'll update the article with any relevant information we receive from the affected users.

After LeakedSource imports the data into its service, Leet.cc users can search for their email address or username and see if their details were included in the leak.

It is important to remember that purchasers of third-party Minecraft Pocket Edition servers have had their (Leet.cc) account details leaked, not their Minecraft accounts. If users reused the passwords for other services, it may be a good idea to change the credentials for those accounts, along with their current Leet.cc password.