Minecraft is hella fun and it's one of those games where you start playing just to pass the time but eventually get hooked on. But it's not without its bugs, as Team Avolition researchers Alex Vanderpot and Keegan Novik soon discovered.
The pair came across a security hole that shady users could exploit in order to gain access into other Minecraft players' user accounts.
The sort-of good news is that only migrated accounts were affected.
A malicious attacker can log on using any migrated account to any Minecraft server relying on Mojang Specifications’ official authentication servers to verify user authenticity. This can allow an attacker to gain access to players’ accounts causing losses within the game, or allow an attacker to gain access to a privileged account on the server.
-- Alex Vanderpot and Keegan Novik
If left unfixed, the vulnerability will let attackers use the privileged accounts to access the data and OS information stored on Minecraft's servers.
Update: Mojang quickly acted on the researchers' findings and took down their authorization servers to address the hole. Everything's back up and running and the hole is now all patched up!