Minecraft leak wasn't company's fault, Microsoft says

Microsoft says the list of more than 1,800 e-mail addresses and passwords was compiled through phishing attacks and malware.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
2 min read

Microsoft says Minecraft isn't to blame. Microsoft

The leak of more than 1,800 e-mails and passwords of Minecraft users wasn't the result of a hack, Microsoft said Wednesday.

Microsoft, which now owns the Minecraft franchise after acquiring game developer Mojang in November, told CNET on Wednesday that there is no evidence the service was compromised and noted that it has already reset passwords for the affected addresses.

"We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts," a Microsoft spokesperson said. "When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary."

Earlier this week, German news site Heise reported the leak of the e-mail addresses and associated passwords. All of the accounts came from the wildly popular block-building game Minecraft, leading to speculation that Mojang.net, the service that hosts the game, had been compromised by hackers. After investigating the leak, Microsoft said it believes the leaked e-mail addresses and passwords were obtained via phishing attacks or malware.

Given the sheer number of Minecraft players, it's feasible that the 1,800 people were victims of phishing attacks or malware. Had there been a massive data breach at Mojang, it's likely that many more people would have had their information stolen or exposed.

Whatever the nature of the attack, it's clear that gaming services have become desirable targets for hackers. Starting December 24, Microsoft's Xbox Live and Sony's PlayStation Network online-gaming services were attacked by hacker collective Lizard Squad. The denial-of-service attacks on both networks, which lasted for a few days, shed light on the ease with which sophisticated hackers can target a network and quickly take it down.

"Well, one of our biggest goals is to have fun, of course," an alleged Lizard Squad member told the Washington Post about the attack. "But we're also exposing massive security issues with these companies people are trusting their personal information with. The customers of these companies should be rather worried."

Back in September, Microsoft announced that it would acquire Mojang for $2.5 billion. The deal's size shocked the gaming world, but reflected just how popular the game franchise has become. The acquisition was completed in November.

Minecraft launched in 2009 with no real story or end-goal for gamers. Instead, the game asks that they create their own virtual worlds and explore others. The game is available on mobile devices, computers, and game consoles. Earlier this month, Mojang said that its mobile version, called Minecraft: Pocket Edition, had notched 30 million units sold. Minecraft has over 100 million users on PCs and tens of millions on game consoles.

Update, 9:36 a.m. PT: Adds comment from Microsoft.