In early 2016, Lifeboat — one of the most popular Minecraft Pocket Edition server networks with over 3 million registered accounts — was breached. The breach affected approximately 7 million user accounts. Exposed data included email addresses and MD5-hashed passwords. The breach was significant because Lifeboat is primarily used by children and teenagers — Minecraft Pocket Edition being the mobile version of the game, particularly popular with younger players under 13. The exposure of email addresses for millions of children is particularly concerning from a COPPA (Children’s Online Privacy Protection Act) perspective. Lifeboat did not notify users of the breach for approximately three months. Troy Hunt at Have I Been Pwned added the data and notified Lifeboat, which prompted disclosure. Lifeboat issued a notification in March 2016 encouraging password resets. The use of MD5 hashing without salting made the passwords highly susceptible to cracking, putting children’s accounts at risk of credential stuffing across other platforms where they reused passwords. The breach highlighted the inadequate security practices common among gaming server operators and the particular vulnerability of child-focused gaming platforms.