DataBreaches.Net

Leet.cc data hacked in February publicly dumped

Posted on October 3, 2016 by Dissent

In August, LeakedSource informed Softpedia that it had received the full database and source of Leet.cc, a service for creating and running Minecraft Pocket Edition servers. According to Softpedia at the time, there were over 6 million users’ records, consisting of username, hashed password, registration date, last login date, and user ID. “For the vast majority of users, but not for all, there was also an email address associated with their account,” Cimpanu reported.

As Cimpanu also reported, there was talk that the hack had actually occurred back in February. A search of Twitter reveals that “Anthrax” had claimed responsibility for the hack and that Leet.cc was aware of it in February:

@leet_cc Did you know about this? pic.twitter.com/NPCzSfVSBg

— NerdyProductionz (@NerdyPlayZMC) February 9, 2016

Leet.cc responded that they were aware and working on it:

@NerdyPlayZMC Yes, we are testing and upgrading our security systems at the moment. You might see this often during this test period

— LEET Servers (@leet_cc) February 9, 2016

Somewhere between February and September 29, however, there appears to have been another, more limited, breach, as HaveIBeenPwned.com reported:

Leet

In August 2016, the service for creating and running Pocket Minecraft edition servers known as Leet was reported as having suffered a data breach that impacted 6 million subscribers. The incident reported by Softpedia had allegedly taken place earlier in the year, although the data set sent to HIBP was dated as recently as early September but contained only 2 million subscribers. The data included usernames, email and IP addresses and SHA512 hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames, Website activity

On September 29, the larger (February) database was made publicly available by “Anthrax” (@anthraxiation), who tweeted:

LEET CC DB IS NOW PUBLIC mega.nz/#!QMUXEAgA

AND @PoodleCorp DB mega.nz/#!NE9zBYYD

PM me for passwords

— Anthrax (@anthraxiation) September 29, 2016

The database, a copy of which was obtained by DataBreaches.net, contains 6,085,759 records. There are 5,089,066 email addresses. DataBreaches.net did not attempt to identify or delete any duplicate records. DataBreaches.net sent inquiries to a small sample of the email addresses in the database, asking them to confirm their username/email address. Of the 10 emails, three bounced back as user unknown, and there were no responses from the others by the time of this publication.

Leet.cc’s Response to the Public Dump

As far as DataBreaches.net can determine, Leet.cc has done nothing. There’s no notice on their web site, and their Twitter account makes no mention of the dump or what, if anything, users may need to do. Neither Johan Land, the site’s registered owner, nor anyone else at leet.cc has responded to two email requests asking them to confirm the authenticity of the data.

Indeed, not only has Leet.cc not made any public statement about the dump, but when Anthrax tweeted that his data had been caught up in the breach, their Twitter account suggested he was to blame for his problems:

@AnthraxGod You must’ve used a dictionary password.

— LEET Servers (@leet_cc) September 30, 2016

Wow.

Leet.cc is not the only Minecraft-related service to have been hacked this year. Data from 7 million Lifeboat users was found up for sale on the dark web in April. Unlike Leet.cc, the passwords in the Lifeboat database were MD5 and not SHA512+salt. The Lifeboat hack appeared to have occurred in January. Somewhat shockingly to some, Lifeboat posted a tweet to Leet.cc that appeared to joke about the hacks. Their tweet was subsequently deleted and replaced by a redacted version, but not quickly enough, perhaps. Here’s the archived copy of the tweet.

While the Leet.cc database does not have very sensitive information, with so many young people using Leet.cc and Lifeboat and the likelihood of reusing usernames, email addresses, and passwords across sites, perhaps the Federal Trade Commission might want to look at both companies to see if they have reasonable data security. Of some concern, Leet.cc also did not respond to a question concerning a claim made by Anthrax to DataBreaches.net in an encrypted chat that leet.cc remains vulnerable to attack from a common attack method, and that anyone could acquire what he says are now 9.2 million users’ records.

How many more hacks and data dumps will it take before some regulator or state sends a strong message about data security?

