Exploit Found in Minecraft, Some Users Able to "Impersonate" Other Players [Update]

Illustration for article titled Exploit Found in Minecraft, Some Users Able to "Impersonate" Other Players [Update]

Smash hit Minecraft has been slowly found to have been compromised over the past week, a flaw in the game's authentication system resulting in a loophole that's given us one of the weirdest exploits of a game in recent memory.

Unlike your standard hack, which breaks into a game's database and steals (or attempts to steal) usernames, passwords and account information, this incident has allowed people to login to the game as somebody else and play around using their identity.

The game's authentication servers have all been taken down until the weak spot can be isolated and removed. "The hack does not expose your passwords or other personal details", Minecraft creator Marcus "Notch" Persson wrote on Twitter, "it only let you log in as anyone by doing something with the session it."


"Exactly what that "something" is, I haven't understood yet. There's emails going on between people who seem to understand it, though."

The problem was first noticed a few days back when Persson's personal account was seen to be logging onto multiple servers that he hadn't actually joined.

It's important to note that the exploit does not appear to leave all users of the game vulnerable; only those who recently migrated their accounts to a Mojang account, and who login using their email address.

UPDATE - That Mojang, it works fast. The servers are now back up, and "it's no longer possible to login as someone else".


Houston we have a Problem... [Mojang]

Share This Story

Get our newsletter


Isn't that game in the picture Fez?