A report issued by German website Heise stated that hackers have managed to steal the passwords and login email addresses of more than 1,800 German Minecraft accounts. This information now resides in plain text on Pastebin, allowing anyone to access the compromised accounts and download the $27 game for free.
With a user base of more than 100 million PC gamers, the number of compromised accounts is rather small. How these accounts have been compromised is unknown at this point, but there's speculation that this could be just the beginning of something larger. The hackers may have even stashed away more Minecraft account credentials to "publish" at a later date.
"There is no mention of the security breach on Minecraft's homepage, but my recommendation would be that if users have any concern that their accounts might be exposed to hackers that they should change their passwords immediately," said security analyst Graham Cluley. "It goes without saying that they should be particularly concerned if they are using the same password anywhere else on the web."
Cluley also pointed out that with these email addresses in hand, hackers will not only know who is playing Minecraft, but they could spam these players with malicious game-related "patches" and links to fake, infected Minecraft sites. The information could also be used to access other non-Minecraft accounts as well, if players are using the same credentials.
Concerned Minecraft gamers are encouraged to change their login information immediately. Mojang provides tips for creating a good password right here.
News of the Minecraft breach follows an update by SplashData on Monday that lists the worst passwords of 2014. The top ten include "123456," "password," "12345," "12345678," "qwerty," "123456789," "1234," "baseball," "dragon" and "football." Other bad passwords include "superman," "batman," "111111," "trustno1," "123123" and many more. Web surfers are suggested to not use their birthday or favorite sport.
"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years," said online security expert Mark Burnett. "The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."
Cluley's news update on Monday provided a partial view of the leaked Pastebin file, showing that the first twenty Minecraft gamers on the list aren't using basic passwords like "123456" and "superman," which is a good thing. Again, German Minecraft gamers who are concerned that their credentials could be served up on the Pastebin file should change their login information now.
So far, there's no word on additional leaked Minecraft credentials from other territories such as North America.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks
Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers
Lol how ironic, I just made a Minecraft account todayReply
I learned how to hack from minecraft, how could these hackers do this to me.Reply
Maybe they built a redstone computer to do the hacking for them.Reply
This is terrible! All the terrible things these hackers can do with this information! They can hack my blocks, lol.Reply
Dear North Korea, hacking poor children games is a punch below the belt.Reply
With so few accounts, i believe it was phishing rather than an actual hack.Reply
they probay got access to like maybe 1 server. 1800 accounts isn't much!Reply