A recent exploit found in OpenSSL (an open-source security socket layer, meant to secure/encrypt internet traffic) called "Heartbleed", made it possible for hackers to find and use passwords on systems using OpenSSL.
WAIT, MOJANG WAS HACKED?
No, Mojang was not hacked. Their servers are not vulnerable to the OpenSSL exploit, but the load balancers they use from Amazon were. As a precaution, it has been recommended that you update your Minecraft password, just to be sure.
Quote fromDue to an exploit in the OpenSSL software used by Amazon's load balancing serive (which we use for most of our stuff) we were forced to temporary suspend all of our services. All systems are now back online, and the exploit has been fixed. There was no way to target specific users, but we can not guarantee that your information wasn't compromised. Therefore we recommend everyone to change their Mojang/Minecraft account passwords.
WAIT - DO I CHANGE MY MINECRAFT PASSWORD, MOJANG PASSWORD, OR BOTH?
If you have not migrated your account, change your password at Minecraft.net.
If you have migrated your account, change your password at Mojang.com.
Regardless of whether you have or have not migrated, it is crucial to change your password.
They just told on the national news that it's beign recommended that everyone change their passwords everywhere due to the OpenSSL issue.
As soon as I posted this I Googled this and then I learned that soon after...
Log into your mojang account with your email, and then change it inside your mojang account.
If that does not work, contact customer support.
lol
lets hope so...
MEANWHILE CHUCK NORRIS HACKS ALL MINECRAFT ACCOUNTS AND CHANGES SKINS TO A COPY OF HIMSELF! XD
Or the villagers do that, they must have used this heartworm thing.
Yes. To put it simply, IT DOES NOT MATTER WHATS ON YOUR END. Thats it, no anti virus, fire wall,OS etc can help you. It was a bug in openSSL, which means that when you log in (or pretty much an work done by a server with you credientials in it) , your infomatation is send over a secure encrpyted connection, so people cann't see your credentials, BUT, there was a flaw that can be exploited so it wasn't so secure. You may notice that it said linux though, well, more then 80% of the servers on the internet run linux. Although, given the nature of linux, things like this get a speedy fix. If you keep up with tech news or have an IOS device you may remeber when apple pushed ios 7.0.4 to ios 7.0.6. Same idea, it was a SSL flaw, although it wasn't the same, bugs in SSL have the basic end result of "its not secure now" . Basicly the SSL bug let someone do a man-in-the-middle attack on you when on the same wifi. Meaning, that a hacker could "pretend" to be a website because the data wasn't secure and get your info. The openSSL bug was like that, but not exactly, basicly, the info that was shared between you and the site and various other things are supposed to only be read by the place it's ment to go, using keys, encryption, and what not. There was a flaw/weakspot in the system so that if a process was done/expoited, the data send wouldn't be protected (the expoit made it plain and/or revealed the methods for keeping it secret, like encrpytion passwords) , so they could see the info in a format they could use.
Cos if not, there's no point in changing passwords just yet, as hackers will still be able to heartbeat.
Yes, they have. That's why the services went down for a few hours a couple of days ago.
Just changed my password.