On January 19, German media reported that more than 1800 user names and passwords of Minecraft players have leaked online, allowing random people from the internet to break into their blocky world. According to Heise, some of the accounts belong to German players, and a few credentials have already been tested and confirmed as legit.
The leaked credentials have been published in clear text to Pastebin, allowing unauthorized individuals to log into players" game worlds, as well as download a free copy of Minecraft which normally retails for 19.95 EUR.
It is not yet clear what method has been used for the exploit, but there are a number of possibilities, including phishing attacks, keylogger malware, or even a Minecraft security breach, which would be bad news for the over 100 million players of the popular game. There is no official word yet on this issue from Mojang, the developers of the game.
So far only 1800 passwords have leaked online, but this may be just a sample of what the attackers have in store, so this is probably a good time to change your password, unless you want all those hours that you spent building your world to go to waste.
Mojang, the studio behind the game, has been acquired by Microsoft in September 2014 for a "modest" 2.5 billion. Minecraft is a very popular game played by people of various ages, in which you can build anything you imagine, one block at a time, kind of like a digital Lego.
UPDATE: Microsoft has stated that "no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts."
Source:Heise via Hotforsecurity