The millions of people who play Minecraft should change their passwords as soon as possible.
Minecraft developer Mojang’s web servers were among those exposed by Heartbleed, a loophole in the Open SSL security platform that a majority of websites use to secure information transferring. (For more information, see VentureBeat’s coverage.) The company behind the blockbuster open-world block-building game for home consoles and mobile devices took down its servers as soon as it learned of the flaw, updating to a patched version and obtaining a new security certificate.
Mojang detailed its response to Heartbleed, as well as its advice to account holders, in this post on its website. We have reached out for additional comment.
Many other websites still need to take these steps — especially updating their security credentials, which tech news site The Verge says can be a “slow and expensive” process. And you should wait to find out a vulnerable site is safe before changing your password — otherwise, your information may still be at risk.
Heartbleed is among the most dangerous security flaws on the web. Discovered this week, it went unnoticed until Google researcher Neel Mehta stumbled upon it. The exploit enables hackers to pull a random 64 kilobytes of information from the working memory of a vulnerable web server. Lots of important information can be found in most servers’ working memories, including usernames, passwords, and even financial and personal information. What makes Heartbleed so dangerous is that it’s repeatable; the 64KB extraction can be done over and over, leaving no trace. Through this process of fishing for useful data, hackers could even score the encryption keys to the server, giving them access to all of its data, past and present.
So change your Minecraft password and change all of your other passwords as soon as other websites are secure. This website can test whether or not a site is still vulnerable.
Heartbleed is no joke.