Troy Hunt, owner of HaveIBeenPwned, just reported that 71,000 user accounts and IP addresses have been leaked from a Minecraft fan website (minecraftworldmap(.)com). The dumps include email addresses, IP addresses, usernames and passwords associated with that site. The leaked passwords were salted and hashed.
Interestingly, more than half of the breached accounts were already breached, as visible by the list provided by HaveIBeenPwned.
In approximately January 2016, the Minecraft World Map site designed for sharing maps created for the game was hacked and over 71k user accounts were exposed. The data included usernames, email and IP addresses along with salted and hashed passwords.
No further information of the breach has been provided, as Troy Hunt only tweeted about the data breach 2 days ago:
What Should I Do to Secure My Passwords?
Option 1: Use a Password Manager
The average password manager would install itself as a browser plug-in and take care of password capture.
How will it work? When you log in to a secure website (HTTPS), the password manager would offer to save your logins. When you come back to that page, the manager will automatically fill in your credentials, and sometimes web forms. Most password managers offer a browser-toolbar menu of all saved logins to make it easier to log in to saved sites.
However, password managers are applications, and applications can be hacked as well. Nothing is completely secure nowadays. So we get to option 2.
Option 2: Improve Your Habits
Perhaps the best way to secure your passwords is the most obvious one – change your passwords frequently and use combinations of letters, numbers, symbols, and upper cases. Complex and long passwords make it difficult for attackers to carry out bruteforcing attacks.
- If your credentials have been compromised in a data breach, don’t recycle your old password. Make sure to create brand new passwords, following the tips above. You can check your passwords’ strength via websites such as PasswordMeter.
- If the online service offers 2-factor authentication, use it! Check whatever additional protection is available and apply it.