DataBreaches.Net


Leet.cc data hacked in February publicly dumped

Posted on October 3, 2016 by Dissent

In August, LeakedSource informed Softpedia that it had received the full database and source of Leet.cc, a service for creating and running Minecraft Pocket Edition servers. According to Softpedia at the time, there were over 6 million users’ records, consisting of username, hashed password, registration date, last login date, and user ID. “For the vast majority of users, but not for all, there was also an email address associated with their account,” Cimpanu reported.

As Cimpanu also reported, there was talk that the hack had actually occurred back in February. A search of Twitter reveals that “Anthrax” had claimed responsibility for the hack and that Leet.cc was aware of it in February:

@leet_cc Did you know about this? pic.twitter.com/NPCzSfVSBg

— NerdyProductionz (@NerdyPlayZMC) February 9, 2016

Leet.cc responded that they were aware and working on it:

@NerdyPlayZMC Yes, we are testing and upgrading our security systems at the moment. You might see this often during this test period

— LEET Servers (@leet_cc) February 9, 2016

Somewhere between February and September 29, however, there appears to have been another, more limited, breach, as HaveIBeenPwned.com reported:

Leet

In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity

On September 29, the larger (February) database was made publicly available by “Anthrax” (@anthraxiation), who tweeted:

LEET CC DB IS NOW PUBLIC mega.nz/#!QMUXEAgA

AND @PoodleCorp DB mega.nz/#!NE9zBYYD

PM me for passwords

— Anthrax (@anthraxiation) September 29, 2016

The database, a copy of which was obtained by DataBreaches.net, contains 6,085,759 records. There are 5,089,066 email addresses. DataBreaches.net did not attempt to identify or delete any duplicate records. DataBreaches.net sent inquiries to a small sample of the email addresses in the database, asking them to confirm their username/email address. Of the 10 emails, three bounced back as user unknown, and there were no responses from the others by the time of this publication.

Leet.cc’s Response to the Public Dump  

As far as DataBreaches.net can determine, Leet.cc has done nothing. There’s no notice on their web site, and their Twitter account makes no mention of the dump or what, if anything, users may need to do. Neither Johan Land, the site’s registered owner, nor anyone else at leet.cc has responded to two email requests asking them to confirm the authenticity of the data.

Indeed, not only has Leet.cc not made any public statement about the dump, but when Anthrax tweeted that his data had been caught up in the breach, their Twitter account suggested he was to blame for his problems:

@AnthraxGod You must’ve used a dictionary password.

— LEET Servers (@leet_cc) September 30, 2016

Wow.

Leet.cc is not the only Minecraft-related service to have been hacked this year. Data from 7 million Lifeboat users was found up for sale on the dark web in April. Unlike Leet.cc, the passwords in the Lifeboat database were MD5 and not SHA512+salt. The Lifeboat hack appeared to have occurred in January. Somewhat shockingly to some, Lifeboat posted a tweet to Leet.cc that appeared to joke about the hacks. Their tweet was subsequently deleted and replaced by a redacted version, but not quickly enough, perhaps. Here’s the archived copy of the tweet.

While the Leet.cc database does not have very sensitive information, with so many young people using Leet.cc and Lifeboat and the likelihood of reusing usernames, email addresses, and passwords across sites, perhaps the Federal Trade Commission might want to look at both companies to see if they have reasonable data security. Of some concern, Leet.cc also did not respond to a question concerning a claim made by Anthrax to DataBreaches.net in an encrypted chat that leet.cc remains vulnerable to attack from a common attack method, and that anyone could acquire what he says are now 9.2 million users’ records.

How many more hacks and data dumps will it take before some regulator or state sends a strong message about data security?



			
Category: Breach Incidents, Business Sector
