Minecraft Accounts Hacked – Security Vulnerability On Migrated Accounts
If you have migrated your Minecraft account you want to read this and take action. There is a Minecraft vulnerability that affects all migrated Minecraft accounts. The severity of this is high and the exploit date was first noticed on June 26th, 2012. It wasn’t made public until July 14th.
If you have a migrated account, the attacker can gain access to your account. If the attacker accesses your account, they will also be able to access your privileged account info on the server and can cause losses in the game. The attackers can cause serious damage to data on the machine such as player data, server map files, operating system files, and more.
The vulnerability is caused by failure to authenticate usernames with session IDs for migrated accounts. The attacker is able to reproduce the issue by logging into Minecraft with a migrated account of their own, store the session key, then connect to a Minecraft server with a different migrated username and the same stored session key that they grabbed from their original login. This enables them to access the other migrated accounts info with their original session key and without even knowing your login info.
How can you fix this? You can’t! It needs to be fixed on Mojang’s end. Reports state that a fix was put in for it today (July 15th, 2012). We highly suggest you check your account though if it was migrated. Make sure nothing was hacked in your account and change your password just in case.
This vulnerability needs to be fixed on the authentication level by Mojang Specifications, it cannot be resolved on a server locally.
You can read more about this vulnerability here.