Minecraft Exploit Lets Some Users Impersonate Other Players

Minecraft Exploit Lets Some Users Impersonate Other Players

Smash hit Minecraft has been compromised over the past week — a flaw in the game’s authentication system has resulted in one of the weirdest exploits of a game in recent memory.

Unlike your standard hack, which breaks into a game’s database and steals (or attempts to steal) usernames, passwords and account information, this incident has allowed people to log in to the game and play as somebody else.

The game’s authentication servers have all been taken down until the weak spot can be isolated and removed. “The hack does not expose your passwords or other personal details,” Minecraft creator Marcus “Notch” Persson wrote on Twitter. “It only lets you log in as anyone by doing something with the session it.”

“Exactly what that ‘something’ is, I haven’t understood yet. There’s [sic] emails going on between people who seem to understand it, though.”

The problem was first noticed a few days ago when Persson’s personal account was seen to be logging onto multiple servers that he hadn’t actually joined.

It’s important to note that the exploit does not appear to leave all users of the game vulnerable; only those who recently migrated their accounts to a Mojang account and log in using their email addresses.

UPDATE: That Mojang, it works fast. The servers are now back up, and “it’s no longer possible to login as someone else”.

Houston we have a Problem… [Mojang]


Show more comments

Log in to comment on this story!