You\u2019d think you\u2019d hear about a hack that affects over 7 million people \u2026 unless the company chooses to \u201ccover it up.\u201d Thankfully that is changing thanks to security researcher Troy Hunt, via Have I Been Pwned.Scale-wise, it's a big breach. Lifeboat is listed in Have I Been Pwned\u2019s top 10 breaches; it currently is ranked eighth with 7,089,395 compromised accounts.In search results, Lifeboat Network is summarized as \u201cJoin eight million others in a game changing Minecraft Pocket Edition experience.\u201d The Pocket Edition is the mobile version of Minecraft. Once Minecraft PE is installed on a mobile device, a user connects to the Lifeboat Network and registers a username and password using a valid email address. In the words of Lifeboat, \u201cUse a real email \u2013 You will need to use it if if [sic] you ever forget your password, so be sure it is valid. By the way, we recommend short, but difficult to guess passwords. This is not online banking.\u201dOf course it\u2019s not online banking; you should pray for the safety of any poor soul using the same password for a game that they use for banking as it likely happens. The chances are much greater that many people reuse their Lifeboat password for other online sites. A prime example of that was given by Hennihenner, a self-described \u201ccasual gamer\u201d in Germany.Hennihenner was notified by Have I Been Pwned\u2019s Troy Hunt to help verify if a new breach was legit. It was, and Hennihenner was spooked, worried about accounts he considers important, such as YouTube, Reddit, Twitter and Steam, because he had used the \u201csame password since 2011.\u201d Although he knew it was a \u201cbad idea,\u201d he had justified his password reuse by thinking he only used \u201csafe websites\u201d or thought no one would hack an account that is not connected to money. But after learning Lifeboat had been breached and his password was floating around in the cyber ether, he got to work changing all his passwords.Why did Hennihenner not change his password after Lifeboat notified him about the breach? Because Lifeboat didn\u2019t notify him about the breach, which occurred in January. In fact, it seems likely that Lifeboat didn\u2019t notify any of the more than 7 million users. Instead, a Lifeboat representative told Motherboard:When this happened [in] early January we figured the best thing for our players was to quietly force a password reset without letting the hackers know they had limited time to act. We did this over a period of some weeks. We retain no personal information (name, address, age) about our players, so none was leaked.Hunt told Motherboard he was notified of the Lifeboat breach by an individual \u201cactively involved in trading who\u2019s sent me other data in the past.\u201dRegarding the fact that Lifeboat \u201ctried to cover it up,\u201d Hunt said, \u201cLet me put the insanity of this in context: multiple people I contacted were left totally exposed with no idea that their long-held, tried-and-tested password they'd used everywhere was now in the hands of hackers.\u201d\u201cLike it or not, this is what people do,\u201d Hunt wrote. Even if developers of a new site are careful with setting up account management features, \u201cpeople will use credentials that will unlock their bank account or, even worse, their email.\u201dThe passwords, according to Hunt, had been stored with a weak MD5 hash and were not salted, meaning it was \u201cvery close to useless cryptographic storage.\u201d Combine that with Lifeboat not alerting users to the breach, and Hunt said, \u201cI'm not sure that I've seen such a blatant disregard for personal account information before. It's no wonder I'm kept so busy these days!\u201dIn defense of not notifying its users of the breach, another Lifeboat spokesperson told Motherboard, \u201cWe have not received any reports of anyone being damaged by this.\u201dIf a user had no clue their data was in the hands of bad actors thanks to the site being hacked, then there would be no reason for anyone to contact Lifeboat with a damaging report. Now that the hack is hitting the news, I guess we\u2019ll see if that holds true.