However they strongly advise changing your Mojang and Minecraft passwords given how severe this ‘Heartbleed’ exploit is as it ‘leaves no traces’ of system intrusion.
Put simply, OpenSSL was compromised which let those who knew of the exploit to get hold of encryption keys for servers, meaning communications were no longer secure.
”Two days ago a serious vulnerability (that’s been named “Heartbleed”) in the popular cryptographic software OpenSSL was made public. This weakness could potentially be exploited to steal information, such as login information, that normally would be protected by encryption. This software is used by roughly two thirds of the internet so a lot of services were or are at risk of being affected,” posted Mojang.
”As soon as we realized the severity of the exploit we decided to shut down all of our systems until a fix was available. This is why you were unable to log in yesterday. We then made sure that all of our services that use SSL no longer had this vulnerability before bringing them back online. We also updated all of our SSL certificates.”
The studio is strongly advising users change their passwords.
”Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised. Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advise you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password.”
”Remember that since many other parts of the internet was affected as well you should also change your password for any other services that you have logged in to recently.”
Mojang are also discontinuing support for the Minecraft Legacy launcher (used before 1.6) because of the serious nature of the Heartbleed exploit in OpenSSL. The current launcher (1.3.11) lets you play older versions on pre-1.6 servers.
The OpenSSL Heartbleed exploit affects much more than just Mojang of course as many major websites and server services, like Amazon’s Cloud Drive, have all been made vulnerable.
