Wait, what?

Looks like you came here from Geekosystem. Don't worry, everything is still here. We've just combined forces with The Mary Sue to bring you more and better content, all in one place.

Minecraft Wasn’t Hacked, But You Should Probably Change Your Password If You Use the Internet

But you already prudently change your password at regular intervals, right? Yeah, me neither.

11407095883_c29ebc0949_z

No, I don’t mean that in a hyperbolic, “hackers are going to steal your identity and basically become an evil pod-person version of you, freak the Hell out!” kind of way. It’s a good idea to change your password often, but it’s an especially good idea if you use a site that employs an OpenSSL version that’s vulnerable to the recently discovered Heartbleed bug. You might be fine, but it’s better to just change your passwords anyway.

The OpenSSL bug doesn’t actually mean that any one site’s database of customer information has been exposed. SSL is the secure system by which your computer and the system it’s contacting make sure they are who they say they are and that your data is going from point a to point b without anyone getting in the middle.

Well, surprise! A coding bug in some common versions of OpenSSL that sites use allows someone to look inside this “secret handshake” and intercept the data that’s being passed back and forth.

Troy_and_abed_handshake

Data contained in this secret handshake: friendship.

So, anyone who’s been listening in would’ve been able to lift any secure data right out without anyone ever knowing. Yeah, good luck ever getting your parents to trust online shopping now.

There’s a decent list you can check here to see which sites have been affected, and maybe stay off of them until you’re sure they’ve instituted an updated version of SSL that addresses the bug. As a smart preventative measure, Minecraft‘s servers were taken offline, because they make use of load balancing services offered by Amazon that use the bugged SSL.

They even had to drop support for an older login method that is beyond repair:

If you’re looking for the silver lining here, it’s that Minecraft and the rest of these sites themselves haven’t actually been hacked.  They just had to switch to an updated version of SSL, and everything should be fine again. Still, it’s best to avoid using sites that are vulnerable to the bug until you’re sure they’ve been fixed—especially considering that pretty much everyone on the Internet knows about the bug now.

And maybe change your passwords.

(via Gizmodo, image via Perspecsys Photos)

Meanwhile in related links

Filed Under |

© 2014 The Mary Sue   |   About UsAdvertiseNewsletterJobsContributorsComment PolicyPrivacyUser AgreementDisclaimerContactArchives RSS

Dan Abrams, Founder
  1. Mediaite
  2. The Mary Sue
  3. Styleite
  4. The Braiser
  5. SportsGrid
  6. Gossip Cop