Users of the popular open world building-block game Minecraft should change their passwords immediately. According to a report from German newspaper Heise, over 1,800 usernames and passwords have been posted online by unknown persons.
Update: Microsoft has responded, and says that the affected passwords have been reset. It has not said how the passwords were obtained.
Minecraft is developed by Mojang, a Swedish company acquired by Microsoft Corp. last year for $2.5 billion. A Microsoft spokesperson confirmed that the passwords were legitimate Minecraft credentials, but that they were reset for affected users.
"We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts," a Microsoft spokesperson said. "When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary."
The passwords were being used to log in to Minecraft.net and install a full version of the game on PC. The usernames and passwords were posted online
Microsoft did not respond to a question about how the credentials were obtained. In the past, similar credentials were obtained by a few methods, including hacking a company’s server or using malware installed on a users’ computer to steal information.
Heise reports that the passwords can be used to log in to Mojang.com and Minecraft.net, which would confirm their validity. As a precaution, Minecraft players should probably change their passwords if they use the same one to log in to any other accounts -- especially on banking and e-commerce sites.