Gone Phishing: Mojang Reset 1800 Minecraft Passwords

This cow has stolen your password and is a jerk

A phishing scam has caught out more than 1,800 Minecraft users who have had their account email addresses and passwords posted online, say Mojang.

Mojang have reset those accounts’ passwords and e-mailed their owners to let them know about the situation. As evidently not everyone is clued-in about online security, let’s consider this a public service announcement to really, really be careful with our online accounts.

Posting on the official blog Mojang’s Owen Hill explained that the security breach wasn’t a result of hacking, but of people being fooled into entering their details on non-Mojang websites. The blog post echoes a statement from Microsoft, the company which now owns Minecraft following its acquisition of Mojang for $2.5 billion:

“We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts,” a Microsoft spokesperson told The Guardian.

“When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary.”

If Mojang haven’t sent you an email then you weren’t on that list. However if you use the same password for multiple services you might like the take the opportunity to change your Minecraft login anyway. A huge part of why these accounts are a target is that people reuse passwords, so gaining access to your game account could yield access to more lucrative services. I *KNOW* so many of you know that and that it’s internet safety 101 but just in case one person reading it doesn’t then hooray for helping!

1 Comment

  1. vorador says:

    You can set up the best security in the world and do audits every month, but nothing will save your service from the weakest link.

    People.