Update: There is official confirmation on the Mojang blog (linked below) that the exploit is fixed! AuthMe has been disabled.
For a better understanding of the exploit, go here:
reddit PSA
Official Minecraft Blog post
Basically, there was an exploit with the Minecraft authentication servers that allowed anyone with the exploit to log in to any migrated Minecraft account. My account is migrated and was targeted. A person logged in to my account, OP'd another account and then used that account to disband several factions starting with the letter "T". Luckily this person was stopped before any serious damage was done.
Thankfully, nearly every faction that was disbanded was actually inactive so this wasn't really a problem. I was able to save TnG and Tyche which were the only ones I could tell were active. Sadly, if you created a faction today that started with the letter "T", you might have lost your faction as the backup I was comparing the disbanded factions to was from last night.
As of right now, 1:16AM PST, the official Minecraft.net authentication servers are down while this exploit is being fixed. Hopefully this fix will come soon but to be extra safe until confirmation of a fix is announced, we will be using the AuthMe plugin. When you first join, you will be asked to register a password. DO NOT FORGET IT. Upon future logins*, you will be asked for this password. Until you enter your password, you will not be able to type commands, chat, or move.
*Logins have a 10 minute "session" so you can log out and back in within that period without having to re-enter your password. It also checks to make sure you are using the same IP.
Again, this plugin is temporary until an official fix is confirmed.
No comments:
Post a Comment
Sup?