Heartbleed, and why you should change your password

You might have already seen this article, but if you haven’t I just wanted to make you aware of it.

Two days ago a serious vulnerability (that’s been named “Heartbleed”) in the popular cryptographic software OpenSSL was made public. This weakness could potentially be exploited to steal information, such as login information, that normally would be protected by encryption. This software is used by roughly two thirds of the internet so a lot of services were or are at risk of being affected.

What did Mojang do?

As soon as we realized the severity of the exploit we decided to shut down all of our systems until a fix was available. This is why you were unable to log in yesterday. We then made sure that all of our services that use SSL no longer had this vulnerability before bringing them back online. We also updated all of our SSL certificates.

What should I do?

Change your Mojang/Minecraft account password
Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised. Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advice you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password. One can never be too careful on the internet!

Change the password of your Mojang account

Change the password of your Minecraft account

Also see our help article on choosing a good password.

Change your other passwords
Remember that since many other parts of the internet was affected as well you should also change your password for any other services that you have logged in to recently.

Taken from the mojang website.

Edit: on a more positive note, this was my 100th post! Here’s to the next 100!

Good Job Penguin this is very informative, Thank you.

Thanks for the heads up!

It’s not just minecraft. It’s the while internet. This should be done on Facebook, Gmail, bank accounts, and anything else that could potentially have your credit card information or personal information such as social security number

Yup! It doesn’t affect everyone, but it affects some people. Better be safe than sorry! Please pass on the word :wink:

Not worried about my bank, you have to use a number generated by a little key thing which i have with me. All banks should do this, something so simple, yet makes it so much more secure.

Not all banks, at least not in the US

I said they should, not that they do. If they did, heartbleed wouldn’t be an issue for any of them.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ - A pretty good list of sites affected

thanks a ton sip. i also heard Steam may have been comp? is that just a rumor?