Mojang, makers of Minecraft, are the latest to fall victim to the OpenSSL security vulnerability dubbed the “Heartbleed” bug.
In an announcement earlier today, the developer said that it has updated all of its OpenSSL services, as well as acquired new SSL certificates. During this time players were unable to log into the game, which was in all to make sure that the security loophole was resolved.
Regardless they issued a statement, urging the players to change their passwords just to be on the safe side.
“Since uses of the exploit leaves no traces, there’s no way for us to guarantee that your password hasn’t been compromised,” noted Mojang. “Therefore, if you typed in your password into any of our games or websites during the last couple of days we strongly advice (sic) you to change it. Even if you haven’t logged in, it can still be a good idea the to change your password.”
The security loophole also forced Mojang to discontinue support for the “Legacy” Launcher, which used OpenSSL. Players were instructed to download a different version of the launcher from the official site. Developers, who use their own Minecraft Authentication were instructed to switch to the latest version as well.
“If you’re using a Minecraft version older than 1.6 you need to download the current launcher (version 1.3.11) from minecraft.net. The current launcher lets you play older versions of Minecraft as well so you can still play on your pre-1.6 servers.”
OpenSSL is a open source implementation of the SSL and TLS protocol used for encrypting data. Heartbleed Bug is a critical programming bug in OpenSSL discovered recently by the security firm Codenomicon which allows hackers to remotely steal encrypted data remotely without leaving a trace.