14 DAY TRIAL // Game developer Mojang announced this week that its service had not been compromised, quenching fears that a leaked database with more than 1,800 Minecraft account credentials was just the beginning of a larger data spill.
At the beginning of the week, a report came out from German magazine Heise about over 1,800 usernames and clear text passwords for the open-world game Minecraft being available in the public domain.
The publication did not say anything about a cyber-attack on the computer network of Mojang, now owned by Microsoft, but many users believed that the leak was the result of such an incident.
Given that Minecraft has over 100 million registered users, a hack attack would have resulted in a slightly larger database, to say the least. Also, there is a fat chance that Mojang stores sensitive information in plain text, although some standards for secure information storage can be broken.
“We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts,” the Guardian learned from a spokesperson at Microsoft.
The database with the Minecraft credentials could have been compiled based on successful phishing attacks or by testing credentials stolen from other online services on Minecraft accounts.
However, checking some of the emails in the database provided by open-source project Canary, we noticed that many of the entries were present in other databases, some as old as September 2014.