Mojang security not compromised, passwords were leaked via phishing attacks

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Mojang security not compromised, passwords were leaked via phishing attacks

Earlier this month, a German publication reported that over 1,800 Mojang accounts were compromised, and the login credentials were posted in a plain text format. It’s not a big percentage when you consider the total user base of the game, but it’s still worrying for many. However, Mojang has responded to the issue, and explained it was not a hacking attempt.

In a blog post, the company confirmed there mainframe was not hacked, and all those credentials which were compromised were through phishing attacks, making people give out their passwords to some “bad people”. The company further said that the passwords are saved in a highly encrypted format so the users have nothing to worry about.

“No! We haven’t been hacked. A bunch of bad people have tricked some of our users into disclosing their account information. We’ve emailed everyone affected, and reset all compromised passwords. If you haven’t received an email from us, you don’t need to worry,” Mojang’s Own Hill said. “No-one has gained access to the Mojang mainframe. Even if they did, we store your passwords in a super encrypted format. Honestly, you don’t need to panic.”

Owen mentioned that emails have been sent out to all affected users, and reset their passwords — even if you didn’t receive any email, it’s still a good idea to change your password. Furthermore, he advised users never to give out their login information on any website not owned by the company — it’s even better not to respond or open emails which asks for your login information, phishing attacks are quite common and many people are affected by it. 

As a quick reminder, never use a similar password on multiple websites, and make sure you use a mixture of upper/lowercase alphabets, numbers and special characters in your passwords to make sure it’s hard to guess.