Security Alert! Heartbleed Bug Shuts Down Minecraft

A bug in a software update for OpenSSL — the open-source cryptographic software library the vast majority of Web servers use — means protected information stored all across the Internet is now open to hackers. It’s called the Heartbleed Bug, and it’s serious enough that Mojang has temporarily shut down its Minecraft servers in an attempt to protect customers.

Markus “Notch” Persson raised the alarm about Heartbleed this morning when he announced the temporary shutdown of Minecraft on Twitter:

How bad is it? The folks at OpenSSL said they were able to slip in and steal info without being detected:

We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

An emergency patch, OpenSSL 1.0.1g is now available for download and a more complete fix, OpenSSL 1.0.2, is coming soon.

What’s that mean for gamers? Get ready to change your passwords. ALL of your passwords. Service providers have to first download the OpenSSL patch, though, so make sure you make your password switch after you’re alerted.

Join the Conversation   

* required field

By submitting a comment here you grant GameFront a perpetual license to reproduce your words and name/web site in attribution. Inappropriate or irrelevant comments will be removed at an admin's discretion.

2 Comments on Security Alert! Heartbleed Bug Shuts Down Minecraft

Luke

On April 8, 2014 at 8:11 am

I made a tool to check the status of your SSL and see if heartbeat is enabled.
Tool at: http://rehmann.co/projects/heartbeat/

techkid6

On April 13, 2014 at 8:38 am

The title of this article is very misleading. Minecraft itself was NOT shut down. People could still play, albeit without online play capabilities, to their hearts content. What ACTUALLY happened was a temporary shutdown of Minecraft’s servers, being the Session, Login, Skin, and others.