Accounts Hacked Change Your Passwords

Well this week some minecraft users were hacked again and some members of the skyblock community were also hacked so i strongly advise you all to change your minecraft passwords for the saftey of yourselves and others...

EDIT: Minecraft wasnt hacked but if you were using the internet you could well have been hacked...

 

I probably was.

 

I saw people boasting the other day that they were and have hacked people, shall I pass these on to anybody? I took screenshots.

Has this become a problem lately?

 

yes post it in reports if you have enough evidence please

 

Well the only evidence present would be him say it. And in a very provocative way, purely to get a reaction. probably trollin'

 

K, posted a report in the 'reports' section. I also noticed that Zara had had account issues. I believe this player is named in my screenshots. Hope this helps.

 

I don't think it is necessary for people to change their passwords, unless they have poor ones like 123456. It isn't like the SkyBlock database (If there were one ) got hacked, and all user passwords were leaked -- it is most likely simple account cracking with a bruteforcer like the one on WeepCraft.

 

Again if you follow the golden rules regarding accounts, you're fine:

1) Use a good password that you can't find in a dictionary, Eg. make it up by combining a phrase "The quick brown fox jumps over the lazy dog" = tqbfjotld, add numbers and special characters = tqbfjot!ld@1736
2) Don't reuse passwords between websites. Good websites that know what they're doing will store the passwords properly, but those that don't will expose your password by storing it poorly.
3) Use a service like LastPass if you want to best manage your passwords.
4) There is NO NEED to "change your password regularly" if you follow the rules above - changing your password regularly increases the chance you'll have to do something silly like writing it down or using a simple password.

 

My friends password for something (not minecraft) im not telling you the website is dbz (dragon ball z) and i wont tell you the rest of his password cause there is some numbers

 

If you're really interested, here's an article outlining the latest in password practices from the top 100 websites:
https://www.dashlane.com/download/securityroundup_2014_q1/The_Illusion_of_Personal_Data_Security_in_E-Commerce_%28Press%20Release%29.pdf

Shockers include websites allowing blank passwords, passwords of "1", or even Major League Baseball allowing the password "baseball"

 

This is not an issue with users hacking, this an issue SSL security which effected tens of thousands of websites and databases across the web. All users should change their passwords, it's not "simple account cracking with a bruteforcer like the one on WeepCraft" and its nothing something that can be circumvented by having a secure password.

 

No point changing the passwords if the site hasn't patched the vulnerability or changed their SSL keys, you need to look for a site that has SSL certificates of date after 8th April 2014

 

Let me rephrase, change you Minecraft passwords. No one cares about a Skyblock forum db.

 

But but...all my posts, and my friendly ratings...

Seriously though, most people reuse usernames and passwords across different things, meaning that if someone got the Skyblock forum db there'd be a good chance they'd not only get your minecraft username/password, but also access to other accounts like twitter, facebook etc.

 

Which is why I'm saying to change your non-skyblock passwords.

 

Was mainly referring to your comment that no one cares about a Skyblock forum db

 

I saw that post on minecraft.net, they claim to have shut their services down as soon as they realized the breach in security, but I suppose there is still that chance. Other sites, however, would likely be more common to have user account info leaked (Because they did not shut down their service, I would assume). I won't go through the lengthy process of changing all of my passwords, rather the few that are serious, others I can just reset with email if necessary.

 

You forgot to mention that this exploit.. If you can even call it that has been around since 2012, since then it was patched. Need I even bother to add it didn't effect MineCraft at all? Mojang is just trying to look like a good guy about it. Also the developers of SSL have already confirmed no data was actually unencrypted or taken, it was only just made public, any site that hasn't patched the SSL related stuff in 2 years has some serious questioning to answer.

 

people didn't know that before now that you told us then if someone DOES find your password then they CAN use it for all your stuff

 

The exploit itself has been around for a while, but never to this level. Think of it as a small leak in a barrel. They patched it well enough to hold normal pressure, but as the pressure built up, those patches burst more and more. Mojang was affected just as much as any other website that uses OpenSSL authentication.

Regardless, this is not something to argue about, it will only confuse people. I've said what I have to say, and will not continue to discuss it. If you feel the need to give your users a false sense of security, then so be it. That's why I left in the first place.