Security Alert! Heartbleed Bug Shuts Down Minecraft
A bug in a software update for OpenSSL — the open-source cryptographic software library the vast majority of Web servers use — means protected information stored all across the Internet is now open to hackers. It’s called the Heartbleed Bug, and it’s serious enough that Mojang has temporarily shut down its Minecraft servers in an attempt to protect customers.
Markus “Notch” Persson raised the alarm about Heartbleed this morning when he announced the temporary shutdown of Minecraft on Twitter:
We temporarily took down our servers due to this: http://t.co/Fh31TYlRQz A LOT of websites and services are affected by this. Be careful.
— Markus Persson (@notch) April 8, 2014
How bad is it? The folks at OpenSSL said they were able to slip in and steal info without being detected:
We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
An emergency patch, OpenSSL 1.0.1g is now available for download and a more complete fix, OpenSSL 1.0.2, is coming soon.
What’s that mean for gamers? Get ready to change your passwords. ALL of your passwords. Service providers have to first download the OpenSSL patch, though, so make sure you make your password switch after you’re alerted.