Jump to content

  • Curse Sites
Become a Premium Member! Help
Rate Article   * * * * * 4 votes

Posted in: News by ,
106 Comments
A recent exploit was discovered in the Minecraft authorization servers, which allowed players to log in to SMP servers as any account they wished.  Mojang temporarily took down the login servers, and have successfully eliminated this exploit.

Minecraft Chick had the following to say on the matter:

Lydia Winters said:

Hi Guys,

We are aware of the security issues involved with the Minecraft authorization servers and are currently working to fix it.

Right now the authorization servers have been taken offline and will be down until further notice. The Mojangstas are working hard to make sure we get everything back to perfect working order.

We’ll keep you updated as we have a more clear timeline. We really are sorry about this and are working as fast as we can!

Happy Sunday :)

UPDATE: Authorization servers are back online, and the login exploit should no longer be possible.

It is not believed at this time that any account information - such as passwords, security info or any other sensitive information - was compromised.  Players are, as in any similar situation, encouraged to change their password when the authorization servers come online, if they feel their information was compromised.

Redditor "barneygale" gave a very detailed breakdown of the process, which you can read by clicking here.
Posted in: News
Promoted from Server Login Servers Temporarily Offline; Fix For Exploit In Progress

Comments

#1

The_Waza_Man

Posted 15 July 2012 - 08:18 AM

I hope this exploit gets fixed fast. I really want to play MP and not to worry about people greifing with it. I'm more worried about the greifing though. Also from what I've read, all they do is use your username, no info is stolen, though you may be banned on some servers or reputation tainted.
Posted Image

#2

WARxTERROR

Posted 15 July 2012 - 08:21 AM

i was recording for my youtube channel and when i crashed i wasnt able to get back in....

#3

Seifster

Posted 15 July 2012 - 08:22 AM

Dayum, i wanted to play SMP this morning:'(

#4

Dr_Crazy_Mii

Posted 15 July 2012 - 08:23 AM

Wow, that's a good thing they got onto it! :steve_csi:
Hope it's fixed (properly) soon!

The doc
Posted Image

#5

BushBacon

Posted 15 July 2012 - 08:23 AM

*phew* I thought there was something wrong with my account. :)

#6

never2nv
    never2nv

    Coal Miner

  • Curse Premium
  • Curse Premium
  • 121 posts

Posted 15 July 2012 - 08:24 AM

You can still login so far and you can even change your password now on Minecraft.net but yeah, just can't authorize when connecting to a server.... glad they're taking care of the problem, especially as a server admin.

FNG Nation Minecraft Server Addresses @ FNGnation.net  

[3 MC Servers | TeamSpeak Server | 24 Hour FNG Radio |  Youtube Channel | Podcasts]

#7

Chicken16198998

Posted 15 July 2012 - 08:37 AM

Omg this happened on as server I was on it fully got griefed D:

#8

1337Chicken

Posted 15 July 2012 - 08:37 AM

So this made somebody able to log into my account then go onto the server i am a staff on, then banned everybody in the server. Screw this exploit.
Posted Image

#9

Dr_Crazy_Mii

Posted 15 July 2012 - 08:41 AM

One question that's bugging me:
Do we have to migrate our minecraft accounts to play now?
I would hate that....

The doc
Posted Image

#10

zamorak789
    zamorak789

    Lapis Lazuli Collector

  • Members
  • 1052 posts

Posted 15 July 2012 - 08:44 AM

I can't even login to my own server. That sucks.
Posted Image

#11

Mcdumsuker

Posted 15 July 2012 - 08:44 AM

Huh, I was trying to authenticate an account on a website then it showed the error, and I couldn't login to any servers. I thought my account was hacked. Thank god it wasn't :3
Posted Image

#12

The_Waza_Man

Posted 15 July 2012 - 08:45 AM

[quote name='Dr_Crazy_Mii' timestamp='1342341700' post='16514090']
One question that's bugging me:
Do we have to migrate our minecraft accounts to play now?
I would hate that....

The doc
[/quote] No, this problem is affecting everyone, though people with a migrated account may have people playing with their USERNAME, they have not used your password to log in. They are using an exploit to appear as you.
Posted Image

#13

Hunter
    Hunter

    Retired Staff

  • Retired Staff
  • 1676 posts

Posted 15 July 2012 - 08:48 AM

Is there any way for us players. To see if our accounts had been used recently. Like a login session log? I want to know if I have been comprimised. I read on the reddit post it targets migrated accounts. I just migrated yesterday!
Posted Image

Forum Rules.| Is Minecraft.net up? | MC Discussion rules.

#14

CruciatusCurse

Posted 15 July 2012 - 08:48 AM

Team Avo posted this (how to do it (not detailed, just the simple things, not really how to do it), how to avoid it, how to check your vulnerability, etc. Ironically, they are literally the 'good' guys here)
[url="https://gist.github.com/3115176"]https://gist.github.com/3115176[/url]

Posted Image

#15

UnoJohnP
    UnoJohnP

    Newly Spawned

  • Members
  • 1 posts

Posted 15 July 2012 - 08:53 AM

when could we expect this to be done? so we can go onto servers again

#16

Dr_Crazy_Mii

Posted 15 July 2012 - 08:53 AM

In reply to The_Waza_Man;
I meant do we have to migrate our minecraft account so that we (the actual users) can log in?
An example of this is that only the Mojang user accounts would work with minecraft.
Plz tell me if this is so.

The doc
Posted Image

#17

Pika
    Pika

    Fluffy Moderator

  • Sectional Moderator
  • 970 posts

Posted 15 July 2012 - 08:54 AM

Hopefully they fix this fast. It'd be a shame if someone lost their account from this.

#18

2_friends_mod_minecraft

Posted 15 July 2012 - 08:55 AM

Ahh, man! This happened just when I finally got to port-forward my server! REALLY hope it's fixed soon...
Posted Image
Get it here: Click here! Wan't to see my Youtube Videos? Well, I'm plazmacatcher, check it out :D

#19

The_Waza_Man

Posted 15 July 2012 - 08:57 AM

[quote name='CruciatusCurse' timestamp='1342342130' post='16514168']
Team Avo posted this (how to do it (not detailed, just the simple things, not really how to do it), how to avoid it, how to check your vulnerability, etc. Ironically, they are literally the 'good' guys here)
[url="https://gist.github.com/3115176"]https://gist.github.com/3115176[/url]
[/quote] Wow, never thought I would see the day.
Posted Image

#20

crunchycamsta

Posted 15 July 2012 - 08:58 AM

i was wondering why it was quiet this morning my admin job got quite boring so i made a cactus from bedrock to height limit
  1. News
  2. Server Login Servers Temporarily Offline; Fix For Exploit In Progress
  3. Privacy Policy