Heartbleed vulnerability, Change your Mojang and Minecraft Passwords

Discussion in 'General Minecraft Discussion' started by Daguman, Apr 9, 2014.

  1. Heartbleed vulnerability has been posted and noted so you all should change your password for you Enjin/ MC Account login. This has been posted at mojang.com web site by kris on April 9, 2014.

    As Posted in the Mojang.com website. -
    Two days ago a serious vulnerability named "Heartbleed” in the popular cryptographic software OpenSSL was made public. This weakness could potentially be exploited to steal information, such as login information, that normally would be protected by encryption. This software is used by roughly two thirds of the internet so a lot of services were or are at risk of being affected.

    What did Mojang do?

    As soon as we realized the severity of the exploit we decided to shut down all of our systems until a fix was available. This is why you were unable to log in yesterday. We then made sure that all of our services that use SSL no longer had this vulnerability before bringing them back online. We also updated all of our SSL certificates.

    What should I do?

    Change your Mojang/Minecraft account password
    Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised. Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advice you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password. One can never be too careful on the internet!

    Change the password of your Mojang account
    https://account.mojang.com/password

    Change the password of your Minecraft account
    https://minecraft.net/resetpassword

    Also see our help article on choosing a good password.

    Change your other passwords
    Remember that since many other parts of the internet was affected as well you should also change your password for any other services that you have logged in to recently.

    Anything else that I need to know?

    Legacy launcher discontinuned
    Due to this incident we’ve been forced to discontinue support for the legacy Minecraft launcher (the one used before version 1.6). If you’re using a Minecraft version older than 1.6 you need to download the current launcher (version 1.3.11) from minecraft.net. The current launcher lets you play older versions of Minecraft as well so you can still play on your pre-1.6 servers.

    For developers
    Since the legacy launcher no longer works we are also retiring the old login.minecraft.net service. If you have created your own Minecraft authentication that uses this scheme you will need to migrate it to the new authentication scheme. The new authentication scheme is described in this community wiki for private use.

    // Kris and the Mojang Web Force
    As Posted in the Mojang.com website. -

    To view Actual post you can goto: https://mojang.com/
  2. Lol... Enjin.:p
    FDNY21 and technologygeek like this.
  3. When i saw this, I may or may not have tried to DDoS the site that posted it originally.... May or may not....
  4. whats DDoS? :oops:
    technologygeek likes this.
  5. Its when some one attacks a specific IP Address in many cases sending a lot of large packets at once so that the IP Address can not handle all the incoming requests and crashes.
    jkjkjk182 and technologygeek like this.
  6. You totally googled that.
    They viciously attack a web thing, Empire and other large sites have DDos protection but smaller servers don't, leaving them susceptible.
    technologygeek likes this.
  7. Yep, Urban Dictionary
    technologygeek likes this.
  8. #anonymous
    Ark_Warrior1 and jacob5089 like this.
  9. Who google what?