A recent exploit was discovered in the Minecraft authorization servers, which allowed players to log in to SMP servers as any account they wished. Mojang temporarily took down the login servers, and have successfully eliminated this exploit.
Minecraft Chick had the following to say on the matter:
Quote from Lydia Winters »
Hi Guys,
We are aware of the security issues involved with the Minecraft authorization servers and are currently working to fix it.
Right now the authorization servers have been taken offline and will be down until further notice. The Mojangstas are working hard to make sure we get everything back to perfect working order.
We’ll keep you updated as we have a more clear timeline. We really are sorry about this and are working as fast as we can!
It is not believed at this time that any account information - such as passwords, security info or any other sensitive information - was compromised. Players are, as in any similar situation, encouraged to change their password when the authorization servers come online, if they feel their information was compromised.
Redditor "barneygale" gave a very detailed breakdown of the process, which you can read by clicking here.
I hope this exploit gets fixed fast. I really want to play MP and not to worry about people greifing with it. I'm more worried about the greifing though. Also from what I've read, all they do is use your username, no info is stolen, though you may be banned on some servers or reputation tainted.
You can still login so far and you can even change your password now on Minecraft.net but yeah, just can't authorize when connecting to a server.... glad they're taking care of the problem, especially as a server admin.
Rollback Post to RevisionRollBack
FNG Nation Minecraft Server Addresses @ FNGnation.net
[3 MC Servers | TeamSpeak Server | Creators of Relapse Movie | Youtube Channel | Podcasts]
Huh, I was trying to authenticate an account on a website then it showed the error, and I couldn't login to any servers. I thought my account was hacked. Thank god it wasn't :3
One question that's bugging me:
Do we have to migrate our minecraft accounts to play now?
I would hate that....
The doc
No, this problem is affecting everyone, though people with a migrated account may have people playing with their USERNAME, they have not used your password to log in. They are using an exploit to appear as you.
Is there any way for us players. To see if our accounts had been used recently. Like a login session log? I want to know if I have been comprimised. I read on the reddit post it targets migrated accounts. I just migrated yesterday!
Team Avo posted this (how to do it (not detailed, just the simple things, not really how to do it), how to avoid it, how to check your vulnerability, etc. Ironically, they are literally the 'good' guys here) https://gist.github.com/3115176
Team Avo posted this (how to do it (not detailed, just the simple things, not really how to do it), how to avoid it, how to check your vulnerability, etc. Ironically, they are literally the 'good' guys here) https://gist.github.com/3115176
In reply to The_Waza_Man;
I meant do we have to migrate our minecraft account so that we (the actual users) can log in?
An example of this is that only the Mojang user accounts would work with minecraft.
Plz tell me if this is so.
The doc
No, Mojang turned off the servers that authenticate the accounts, no one can play multiplayer, but single player is fine. Anyone can log in, just not play multiplayer.
I was wondering why I kept getting the 503 error. Its bothersome to hear that having my account migrated makes it vulnerable. I just changed my password a few days ago, guess it won't hurt to do it again. Glad to know they caught it and are fixing it.
Minecraft Chick had the following to say on the matter:
UPDATE: Authorization servers are back online, and the login exploit should no longer be possible.
It is not believed at this time that any account information - such as passwords, security info or any other sensitive information - was compromised. Players are, as in any similar situation, encouraged to change their password when the authorization servers come online, if they feel their information was compromised.
Redditor "barneygale" gave a very detailed breakdown of the process, which you can read by clicking here.
https://gist.github.com/3115176
Get it here: Click here! Wan't to see my Youtube Videos? Well, I'm plazmacatcher, check it out
Minecraft Tales from the Nether
https://www.youtube.com/watch?v=DsKXcwxf7J8