A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
Quote from Mojang »
Due to an exploit in the OpenSSL software used by Amazon's load balancing serive (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn't compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
Does this specifically apply to people with Mojang accounts, or everyone(including those who haven't migrated to a Mojang account)?
I still don't see a reason to get a actual Mojang account since I only play one game by Mojang, Minecraft.
Rollback Post to RevisionRollBack
"Minecraft is like an orgasm - even science can't describe it"
[quote=Cryptonat][quote=Snitch]Basically you're stuck in hell till you find a portal out. There are alternatives to pig, by the way, as you probably know. :> There are no alternatives to Bacon. Ever.
Does this specifically apply to people with Mojang accounts, or everyone(including those who haven't migrated to a Mojang account)?
I still don't see a reason to get a actual Mojang account since I only play one game by Mojang, Minecraft.
Logically speaking, you'll want to get one if you plan on changing your ign, at least because it allows you to log in with an email. It seems highly unlikely that a system that allows you to change your ign would still allow you to log in with said ign...
Does this specifically apply to people with Mojang accounts, or everyone(including those who haven't migrated to a Mojang account)?
I still don't see a reason to get a actual Mojang account since I only play one game by Mojang, Minecraft.
I would go on and change your password just to be safe and not just for minecraft. This security hole made basically the ENTIRE internet vulenable to password stealing hacks.
This doesn't make any sense at all. If Mojang was not hacked, and the problem has been fixed then why in the world would we need to change our passwords?
Either you were hacked and we should change them, or everything is A ok and we don't need too. Personally, it would seem to me that there are some clear discrepancies in your story.
Up above you say, "As a precaution, it has been recommended that you update your Minecraft password, just to be sure." However, you end the very same post by saying, "Regardless of whether you have or have not migrated, it is crucial to change your password."
If it is only recommended that we change our passwords then why is it so crucial?
I would like to know what actually happened and why you are pushing us so hard to change our passwords? Personally, I think your OpenSSL was hacked and you just don't want to say it for fear you may lose some customers.
This doesn't make any sense at all. If Mojang was not hacked, and the problem has been fixed then why in the world would we need to change our passwords?
Either you were hacked and we should change them, or everything is A ok and we don't need too. Personally, it would seem to me that there are some clear discrepancies in your story.
Up above you say, "As a precaution, it has been recommended that you update your Minecraft password, just to be sure." However, you end the very same post by saying, "Regardless of whether you have or have not migrated, it is crucial to change your password."
If it is only recommended that we change our passwords then why is it so crucial?
I would like to know what actually happened and why you are pushing us so hard to change our passwords? Personally, I think your OpenSSL was hacked and you just don't want to say it for fear you may lose some customers.
Amazon, which minecraft uses for several data services, was hacked. This means they may have obtained your username and password, so as a precaution, it is suggested to people to change their password.
No, openSSL has an exploit. That includes many other sites other than mojang/minecraft. I just need to know if those other sites have any vulnerabilities, and apparently steam does and a huge chunk of other sites according to multiple sources.
(I found this out now via my research)
EDIT: Apparently only linux based systems are affected by this, good thing I have windows.
It doesn't matter if YOU have windows or linux, the issue isn't on your end, it's on the end of the websites that use Linux to power their servers.
This doesn't make any sense at all. If Mojang was not hacked, and the problem has been fixed then why in the world would we need to change our passwords?
Either you were hacked and we should change them, or everything is A ok and we don't need too. Personally, it would seem to me that there are some clear discrepancies in your story.
Up above you say, "As a precaution, it has been recommended that you update your Minecraft password, just to be sure." However, you end the very same post by saying, "Regardless of whether you have or have not migrated, it is crucial to change your password."
If it is only recommended that we change our passwords then why is it so crucial?
I would like to know what actually happened and why you are pushing us so hard to change our passwords? Personally, I think your OpenSSL was hacked and you just don't want to say it for fear you may lose some customers.
Uh, its not that urgent... this only means they found heartbleed in OpenSSL. It doesn't mean any hackers have found out how to exploit the heartbleed bug. Besides, what hacker, that knows anything about OpenSSL I might add, is going to want to hack another persons Minecraft account? Even if someone does, you can easily recover your account with just your email.
But have Amazon and others fixed the bug yet? If not, shouldn't we wait until after they fix it so we don't have to all go changing our passwords multiple times?
A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
If you have not migrated your account, change your password at //minecraft.net" target="" data-ensure-absolute>Minecraft.net.
If you have migrated your account, change your password at Mojang.com.
Regardless of whether you have or have not migrated, it is crucial to change your password.
I still don't see a reason to get a actual Mojang account since I only play one game by Mojang, Minecraft.
"Minecraft is like an orgasm - even science can't describe it"
[quote=Cryptonat][quote=Snitch]Basically you're stuck in hell till you find a portal out. There are alternatives to pig, by the way, as you probably know. :> There are no alternatives to Bacon. Ever.
Logically speaking, you'll want to get one if you plan on changing your ign, at least because it allows you to log in with an email. It seems highly unlikely that a system that allows you to change your ign would still allow you to log in with said ign...
I would go on and change your password just to be safe and not just for minecraft. This security hole made basically the ENTIRE internet vulenable to password stealing hacks.
Gotta think of a new password QUICK!
Uh, try "Password", no one will ever guess that.
Either you were hacked and we should change them, or everything is A ok and we don't need too. Personally, it would seem to me that there are some clear discrepancies in your story.
Up above you say, "As a precaution, it has been recommended that you update your Minecraft password, just to be sure." However, you end the very same post by saying, "Regardless of whether you have or have not migrated, it is crucial to change your password."
If it is only recommended that we change our passwords then why is it so crucial?
I would like to know what actually happened and why you are pushing us so hard to change our passwords? Personally, I think your OpenSSL was hacked and you just don't want to say it for fear you may lose some customers.
http://fingersmeller.wix.com/millennials
Thanks for the notice, but atleast they didn't know the real password right? just the encrypted? :noobie here:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
and this will help you test if anything you have running openssl is vuln...
http://gobuild.io/download/github.com/titanous/heartbleeder
Trusted and Established Minecraft Server Hosting since Alpha in 2010. Minecraft Server Host: www.minecraftserverhost.net
Test Servers: test.minecraft.ms | east.minecraft.ms | central.minecraft.ms | west.minecraft.ms
I am a representative of Minecraftserverhost.net
Amazon, which minecraft uses for several data services, was hacked. This means they may have obtained your username and password, so as a precaution, it is suggested to people to change their password.
It doesn't matter if YOU have windows or linux, the issue isn't on your end, it's on the end of the websites that use Linux to power their servers.
It wasn't just Mojang - https://news.google.com/news/section?pz=1&cf=all&ned=us&q=OpenSSL It affects ~2/3rds of the entire internet.
it should be working now https://minecraft.net/
Download the AliensVsPredator Minecraft Mod today at http://aliensvspredator.org
I doubt this isn't legit speaking Mojang is asking you to change your password. :/
#BAUM4EXILE2014
:^)
HELP CAPSLOCK KEY FELL OFF IT SWITCHES ON AND OFF, HELP PLS.