In a post on the, Mojang's Owen Hill explained the situation, and encouraged users to be aware of proper password security.
“No! We haven’t been hacked,” Hill clarifies. “A bunch of bad people have tricked some of our users into disclosing their account information. We’ve emailed everyone affected, and reset all compromised passwords. If you haven’t received an email from us, you don’t need to worry. No-one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don’t need to panic.”
The 1800 passwords were stolen by unsavoury types using good old-fashioned “phishing”, namely pretending to be a Mojang representative and tricking users into handing over private data.
“You should never, ever, enter your Mojang account details on websites that aren’t owned by us,”says Hill “It’s good practice to use different passwords for each of your internet logins too. That way, if someone does get hold of one password, they won’t get access to your other stuff.”
That might be common sense to most savvy internet users, butis so mind-bogglingly popular that inevitably some sections of its audience are less familiar with what a total pit of bastards the internet can be. If you're worried about your password, you can reset it by