[IMPORTANT] 'Heartbleed' Hacking

Two days ago a serious vulnerability (that’s been named “Heartbleed”) in the popular cryptographic software OpenSSL was made public. This weakness could potentially be exploited to steal information, such as login information, that normally would be protected by encryption. This software is used by roughly two thirds of the internet so a lot of services were or are at risk of being affected.

What did Mojang do?
As soon as we realized the severity of the exploit we decided to shut down all of our systems until a fix was available. This is why you were unable to log in yesterday. We then made sure that all of our services that use SSL no longer had this vulnerability before bringing them back online. We also updated all of our SSL certificates. That is probably why the servers are down.

What should I do?
Change your Mojang/Minecraft account password
Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised. Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advice you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password. One can never be too careful on the internet!

Change the password of your Mojang account

Change the password of your Minecraft account

Also see the help article on choosing a good password.

Change your other passwords
Remember that since many other parts of the internet was affected as well you should also change your password for any other services that you have logged in to recently.

Anything else that I need to know?
Legacy launcher discontinuned
Due to this incident we’ve been forced to discontinue support for the legacy Minecraft launcher (the one used before version 1.6). If you’re using a Minecraft version older than 1.6 you need to download the current launcher (version 1.3.11) from minecraft.net. The current launcher lets you play older versions of Minecraft as well so you can still play on your pre-1.6 servers.

For developers
Since the legacy launcher no longer works we are also retiring the old login.minecraft.net service. If you have created your own Minecraft authentication that uses this scheme you will need to migrate it to the new authentication scheme. The new authentication scheme is described in this community wiki for private use.

Thanks,

-TheDruid

 

k.

 

He writes all this and you say "k"? Wow, just wow.

 

Doing this now. Thanks for the helpful info.

 

I need to reset my E-mail address before I can do that -_-

 

The exploit never worked on MineCraft, they're trying to make themselves look good.

 

Thats the operative phrase

 

Here is how people may have hacked accounts, said by someone on RBXDev forums when I asked if Roblox was affected (which is wasn't):

Not a 100% chance it happened to you, mostly if you logged in.

 

I already changed my MC password, I'll try to change other passwords later.

 

Might as-well do it now, thanks for the help!

 

Seriously? Is writing "Ok, I'll do it" better? Wow just wow. Do you always go around rating comments bad for not being "Long enough?" It's my comment, and if I don't want it to be long? I don't care how you like my comment.
Wow, kids these days.

 

Kids?! I'm a bloody 13-year old for god's sake! Do you not look at ages? Anyway PLEASE get back on topic and I do not care if I am being a hypocrite!

 

You're a 15 year old and you tell a 14 year old "Kids these days". Seems legit. That also means you're a kid too, not a teenager.

 

I made a post on this earlier if u wanna check it out it gets in on the more technical side to see where it went wrong and the good and the bad of it but a cool site to check for info on this bug is Heartbleed.com

 

Leon is 11, I think.. ._.
At least that's what I remember.

 

My mental age is supposedly college level brain smarts but my social level is let's see 15/4 is about ... 3and 1/4 ya that's my social age