Industry News

Leaked Minecraft passwords aren’t the result of hack, says Microsoft

There’s good news if you’re a fan of the online game Minecraft.

Microsoft, the parent company of Minecraft developer Mojang, has confirmed that Minecraft has not been hacked.


Concerns were raised that a breach might have been the reason behind over 1800 users’ credentials appearing on Pastebin, as reported by Hot for Security and Heise, however it always seemed more likely that the login details had been stolen by targeting players rather than the game itself.

The truth is that usernames and passwords are constantly dripping onto the net – not just for games like Minecraft, but for porn sites, online dating and a myriad of other services – and it’s not unusual for username/password combos to make the rounds of various underground forums for months if not years.

In all likelihood, the Minecraft credentials were stolen from fans of the blocky online building world through phishing attacks and keylogging malware.

If Minecraft had suffered a serious security incident related to its user database we would be looking at a lot more than 1800 credentials being stolen – think 100 million instead.

Of course, that’s not to say that any of us can be complacent. If your username and password shows up the internet, your online accounts may be at risk – and you’re in even greater danger if you made the mistake of using the same password on multiple websites.

For that reason, my recommendation is to give yourself as much early warning as possible as to whether your credentials might have been posted on the net.

As well as Googling for your own email address, you might consider using the free “Have I been pwned?” service created by computer scientist Troy Hunt, and asking to be notified if a password breach occurs.


Have I Been Pwned makes it easy for you to search for your email address amongst the hundreds of millions of accounts exposed, following breaches at Adobe, Gawker, Yahoo and others.

Thanks to Troy’s hard work, the list of breached databases continues to be expanded – so you never know when you might get an email telling you your passwords are in the hands of hackers.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment