Minecraft Exploit Lets Some Users Impersonate Other Players

Smash hit Minecraft has been compromised over the past week — a flaw in the game’s authentication system has resulted in one of the weirdest exploits of a game in recent memory.

Unlike your standard hack, which breaks into a game’s database and steals (or attempts to steal) usernames, passwords and account information, this incident has allowed people to log in to the game and play as somebody else.

The game’s authentication servers have all been taken down until the weak spot can be isolated and removed. “The hack does not expose your passwords or other personal details,” Minecraft creator Marcus “Notch” Persson wrote on Twitter. “It only lets you log in as anyone by doing something with the session it.”

“Exactly what that ‘something’ is, I haven’t understood yet. There’s [sic] emails going on between people who seem to understand it, though.”

The problem was first noticed a few days ago when Persson’s personal account was seen to be logging onto multiple servers that he hadn’t actually joined.

It’s important to note that the exploit does not appear to leave all users of the game vulnerable; only those who recently migrated their accounts to a Mojang account and log in using their email addresses.

UPDATE: That Mojang, it works fast. The servers are now back up, and “it’s no longer possible to login as someone else”.

Houston we have a Problem… [Mojang]

The Cheapest NBN 1000 Plans

Looking to bump up your internet connection and save a few bucks? Here are the cheapest plans available.

At Kotaku, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


2 responses to “Minecraft Exploit Lets Some Users Impersonate Other Players”

Leave a Reply

Your email address will not be published. Required fields are marked *