Skip to main content

Hackers Mine Minecraft Usernames, Passwords

In case you haven't read the word "mine" enough yet today, here's your quota: A group of hackers known as OurMine has mined Minecraft for a goldmine of login information. How the group did it is not perfectly clear, but it claimed that the hack was for Microsoft's own good so that the company could improve Minecraft's security practices. In a roundabout way, the plan worked: Microsoft claims it's already fixed the issue.

Information comes from the news section of OurMine's own website. The group of troublemakers posted a video that demonstrates — but does not explain in exact terms — how it could use a fake Mojang login site to bypass the real thing. After that, the group could access pretty much anyone's Minecraft login information by using only an e-mail address.

MORE: Best Antivirus Software and Apps

The basic gist of the hack is that OurMine used the legitimate login page's cookies against it. The group designed an almost exact replica of the Mojang login page, then registered for a new account with the target email address and whatever password they chose. After using a plugin to remember the site's cookies, the OurMine representatives then visited the real Mojang site. The site "remembered" the fake credentials and let OurMine in, there to wreak whatever kind of havoc they chose.

Security news site Network World got in touch with OurMine to see if the hacker group could really do what it claimed. The hacktivists did not disappoint. Using only an email address supplied by Network World, OurMine was able to get into a Mojang account set up for these purposes and change the username as proof of its success.

To its credit, OurMine claims that it has no interest in either compromising user accounts or selling its information to cybercriminals. Rather, the group's unauthorized activities are all supposedly in big companies' best interest, intended to demonstrate security holes rather than do any real harm. In this case, it worked: a few hours after OurMine's update, Microsoft said the issue had been dealt with. Microsoft and OurMine don't appear to have worked together to patch it, however.

Whatever the case, Minecraft users can now rest a bit easier, knowing that a security hole in their game of choice is no longer a threat. Whether OurMine's methods were justified or elegant is, of course, another matter altogether.