The millions of people who play Minecraft should change their passwords as soon as possible.
Minecraft developer Mojang’s web servers were among those exposed by Heartbleed, a loophole in the Open SSL security platform that a majority of websites use to secure information transferring. (For more information, see VentureBeat’s coverage.) The company behind the blockbuster open-world block-building game for home consoles and mobile devices took down its servers as soon as it learned of the flaw, updating to a patched version and obtaining a new security certificate.
Mojang detailed its response to Heartbleed, as well as its advice to account holders, in this post on its website. We have reached out for additional comment.
Many other websites still need to take these steps — especially updating their security credentials, which tech news site The Verge says can be a “slow and expensive” process. And you should wait to find out a vulnerable site is safe before changing your password — otherwise, your information may still be at risk.
Heartbleed is among the most dangerous security flaws on the web. Discovered this week, it went unnoticed until Google researcher Neel Mehta stumbled upon it. The exploit enables hackers to pull a random 64 kilobytes of information from the working memory of a vulnerable web server. Lots of important information can be found in most servers’ working memories, including usernames, passwords, and even financial and personal information. What makes Heartbleed so dangerous is that it’s repeatable; the 64KB extraction can be done over and over, leaving no trace. Through this process of fishing for useful data, hackers could even score the encryption keys to the server, giving them access to all of its data, past and present.
So change your Minecraft password and change all of your other passwords as soon as other websites are secure. This website can test whether or not a site is still vulnerable.
Heartbleed is no joke.
GamesBeatGamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
- Newsletters, such as DeanBeat
- The wonderful, educational, and fun speakers at our events
- Networking opportunities
- Special members-only interviews, chats, and "open office" events with GamesBeat staff
- Chatting with community members, GamesBeat staff, and other guests in our Discord
- And maybe even a fun prize or two
- Introductions to like-minded parties