2 min read

Leaked Minecraft passwords aren't the result of hack, says Microsoft

Graham CLULEY

January 21, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Leaked Minecraft passwords aren't the result of hack, says Microsoft

There’s good news if you’re a fan of the online game Minecraft.

Microsoft, the parent company of Minecraft developer Mojang, has confirmed that Minecraft has not been hacked.

minecraft-pig

Concerns were raised that a breach might have been the reason behind over 1800 users’ credentials appearing on Pastebin, as reported by Hot for Security and Heise, however it always seemed more likely that the login details had been stolen by targeting players rather than the game itself.

The truth is that usernames and passwords are constantly dripping onto the net – not just for games like Minecraft, but for porn sites, online dating and a myriad of other services – and it’s not unusual for username/password combos to make the rounds of various underground forums for months if not years.

In all likelihood, the Minecraft credentials were stolen from fans of the blocky online building world through phishing attacks and keylogging malware.

If Minecraft had suffered a serious security incident related to its user database we would be looking at a lot more than 1800 credentials being stolen – think 100 million instead.

Of course, that’s not to say that any of us can be complacent. If your username and password shows up the internet, your online accounts may be at risk – and you’re in even greater danger if you made the mistake of using the same password on multiple websites.

For that reason, my recommendation is to give yourself as much early warning as possible as to whether your credentials might have been posted on the net.

As well as Googling for your own email address, you might consider using the free “Have I been pwned?” service created by computer scientist Troy Hunt, and asking to be notified if a password breach occurs.

pwned

Have I Been Pwned makes it easy for you to search for your email address amongst the hundreds of millions of accounts exposed, following breaches at Adobe, Gawker, Yahoo and others.

Thanks to Troy’s hard work, the list of breached databases continues to be expanded – so you never know when you might get an email telling you your passwords are in the hands of hackers.

tags


Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like

Bookmarks


loader