A report issued by German website Heise stated that hackers have managed to steal the passwords and login email addresses of more than 1,800 German Minecraft accounts. This information now resides in plain text on Pastebin, allowing anyone to access the compromised accounts and download the $27 game for free.
With a user base of more than 100 million PC gamers, the number of compromised accounts is rather small. How these accounts have been compromised is unknown at this point, but there's speculation that this could be just the beginning of something larger. The hackers may have even stashed away more Minecraft account credentials to "publish" at a later date.
"There is no mention of the security breach on Minecraft's homepage, but my recommendation would be that if users have any concern that their accounts might be exposed to hackers that they should change their passwords immediately," said security analyst Graham Cluley. "It goes without saying that they should be particularly concerned if they are using the same password anywhere else on the web."
Cluley also pointed out that with these email addresses in hand, hackers will not only know who is playing Minecraft, but they could spam these players with malicious game-related "patches" and links to fake, infected Minecraft sites. The information could also be used to access other non-Minecraft accounts as well, if players are using the same credentials.
Concerned Minecraft gamers are encouraged to change their login information immediately. Mojang provides tips for creating a good password right here.
News of the Minecraft breach follows an update by SplashData on Monday that lists the worst passwords of 2014. The top ten include "123456," "password," "12345," "12345678," "qwerty," "123456789," "1234," "baseball," "dragon" and "football." Other bad passwords include "superman," "batman," "111111," "trustno1," "123123" and many more. Web surfers are suggested to not use their birthday or favorite sport.
"The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years," said online security expert Mark Burnett. "The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies."
Cluley's news update on Monday provided a partial view of the leaked Pastebin file, showing that the first twenty Minecraft gamers on the list aren't using basic passwords like "123456" and "superman," which is a good thing. Again, German Minecraft gamers who are concerned that their credentials could be served up on the Pastebin file should change their login information now.
So far, there's no word on additional leaked Minecraft credentials from other territories such as North America.