Microsoft denies Minecraft server breach

January 22, 2015 // 9:17 a.m.

Tags: #breach #insecurity #minecraft #phish #phishing #security

Companies: #microsoft #mojang

Microsoft has denied that the disclosure of nearly two thousand account credentials for its Mojang.net service, which is responsible for the hit block-'em-up Minecraft, is indicative of a breach of its network.

Minecraft hit the news for all the wrong reasons recently when a batch of over 1,800 user accounts had their details posted publicly - including passwords in plain-text, ready to use. Although the ability to take over a user's Minecraft world isn't exactly the most tempting target for criminals, the release sparked fears that users who had reused email addresses and passwords on other services such as internet banking sites could be at risk - and that the attackers may have made off with a larger proportion of the 100 million accounts registered on Mojang.net but kept the bulk of the data secret.

Microsoft has now officially denied the latter scenario. 'We can confirm that no Mojang.net service was compromised,' the company told The Guardian in a statement on the matter, 'and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts.'

Mojang was acquired by Microsoft for a whopping $2.5 billion last year, largely in response to the fantastic success of its Lego-like world-building epic Minecraft. The game has spread from PCs to consoles and mobile devices, and even has real-world merchandise in the form of physical blocks, action figures, and a themed Lego set.

Microsoft has not indicated how it thinks the usernames and passwords were obtained if not through a breach of its network, but the most likely explanation would be a phishing attack on the victims carried out via email.
Discuss this in the forums

QUICK COMMENT

Week in review

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU