Skip to main content

Minecraft Wasn’t Hacked, But You Should Probably Change Your Password If You Use the Internet

But you already prudently change your password at regular intervals, right? Yeah, me neither.


No, I don’t mean that in a hyperbolic, “hackers are going to steal your identity and basically become an evil pod-person version of you, freak the Hell out!” kind of way. It’s a good idea to change your password often, but it’s an especially good idea if you use a site that employs an OpenSSL version that’s vulnerable to the recently discovered Heartbleed bug. You might be fine, but it’s better to just change your passwords anyway.

The OpenSSL bug doesn’t actually mean that any one site’s database of customer information has been exposed. SSL is the secure system by which your computer and the system it’s contacting make sure they are who they say they are and that your data is going from point a to point b without anyone getting in the middle.

Well, surprise! A coding bug in some common versions of OpenSSL that sites use allows someone to look inside this “secret handshake” and intercept the data that’s being passed back and forth.


Data contained in this secret handshake: friendship.

So, anyone who’s been listening in would’ve been able to lift any secure data right out without anyone ever knowing. Yeah, good luck ever getting your parents to trust online shopping now.

There’s a decent list you can check here to see which sites have been affected, and maybe stay off of them until you’re sure they’ve instituted an updated version of SSL that addresses the bug. As a smart preventative measure, Minecraft‘s servers were taken offline, because they make use of load balancing services offered by Amazon that use the bugged SSL.

They even had to drop support for an older login method that is beyond repair:

If you’re looking for the silver lining here, it’s that Minecraft and the rest of these sites themselves haven’t actually been hacked.  They just had to switch to an updated version of SSL, and everything should be fine again. Still, it’s best to avoid using sites that are vulnerable to the bug until you’re sure they’ve been fixed—especially considering that pretty much everyone on the Internet knows about the bug now.

And maybe change your passwords.

(via Gizmodo, image via Perspecsys Photos)

Meanwhile in related links

Have a tip we should know? [email protected]

Filed Under:

Follow The Mary Sue:

Dan Van Winkle (he) is an editor and manager who has been working in digital media since 2013, first at now-defunct Geekosystem (RIP), and then at The Mary Sue starting in 2014, specializing in gaming, science, and technology. Outside of his professional experience, he has been active in video game modding and development as a hobby for many years. He lives in North Carolina with Lisa Brown (his wife) and Liz Lemon (their dog), both of whom are the best, and you will regret challenging him at Smash Bros.