Minecraft was not hacked but user passwords phished

Given the recent rash of Internet security breaches, you'd think that users would be more careful about their online accounts and passwords. Apparently not so. In fact, according to a recent report, "123456" is still the most popular password around. That same disregard for security, or maybe just laziness, has resulted in as much as 1,800 Minecraft accounts, including their passwords, to be compromised. It might be too easy to presume that Minecraft's servers have been hacked, but apparently, it was all the result of a phishing scam.

Minecraft creators Mojang, now part of the Microsoft family, is officially saying that their servers were not hacked. There was no break in. All of these happened because "a bunch of bad people" managed to trick that many people into sharing their passwords, otherwise known as "phishing".

Granted, phishing isn't exactly a simple case of people handing over their passwords knowingly to a stranger. More often than not, they are elaborately designed to fool users into thinking such third parties are, in fact, legit Mojang emails or sites, where users are fooled into logging in and, therefore, giving away their passwords. Of course, to the untrained eye, those emails and websites do seem correct, which is, of course, the entire point. That is why many modern browsers nowadays have tools and features that alert users to such attempts, which are sadly often ignored.

Mojang says that it has already alerted affected users and have forced reset the compromised passwords. Those who aren't affected can still, of course, reset their passwords on their own just to be sure. Mojang also recommends that users make use of different passwords for different services, though that's unlikely to happen. In those cases, it might best to make use of a trusted password manager. As they always say, prevention is the best cure.

SOURCE: Mojang

VIA: Rock, Paper, Shotgun