A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
Quote fromDue to an exploit in the OpenSSL software used by Amazon's load balancing serive (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn't compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
If you have not migrated your account, change your password at Minecraft.net.
If you have migrated your account, change your password at Mojang.com.
Regardless of whether you have or have not migrated, it is crucial to change your password.
I still don't see a reason to get a actual Mojang account since I only play one game by Mojang, Minecraft.
Logically speaking, you'll want to get one if you plan on changing your ign, at least because it allows you to log in with an email. It seems highly unlikely that a system that allows you to change your ign would still allow you to log in with said ign...
I would go on and change your password just to be safe and not just for minecraft. This security hole made basically the ENTIRE internet vulenable to password stealing hacks.
Gotta think of a new password QUICK!
Uh, try "Password", no one will ever guess that.
Either you were hacked and we should change them, or everything is A ok and we don't need too. Personally, it would seem to me that there are some clear discrepancies in your story.
Up above you say, "As a precaution, it has been recommended that you update your Minecraft password, just to be sure." However, you end the very same post by saying, "Regardless of whether you have or have not migrated, it is crucial to change your password."
If it is only recommended that we change our passwords then why is it so crucial?
I would like to know what actually happened and why you are pushing us so hard to change our passwords? Personally, I think your OpenSSL was hacked and you just don't want to say it for fear you may lose some customers.
Thanks for the notice, but atleast they didn't know the real password right? just the encrypted? :noobie here:
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
and this will help you test if anything you have running openssl is vuln...
http://gobuild.io/download/github.com/titanous/heartbleeder
Amazon, which minecraft uses for several data services, was hacked. This means they may have obtained your username and password, so as a precaution, it is suggested to people to change their password.
It doesn't matter if YOU have windows or linux, the issue isn't on your end, it's on the end of the websites that use Linux to power their servers.
It wasn't just Mojang - https://news.google.com/news/section?pz=1&cf=all&ned=us&q=OpenSSL It affects ~2/3rds of the entire internet.
it should be working now https://minecraft.net/
I doubt this isn't legit speaking Mojang is asking you to change your password. :/
Probably. This bug affected an estimated 2/3 of websites.
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/?kw=100k_pvs&search=100k_pvs