Minecraft Servers Down After Web-Breaking OpenSSL Bug Discovered
Hundreds of websites and servers are to be affected after the discovery of a web-breaking bug that makes an estimated two-thirds of all servers accessible to hackers. Passwords, bank details and more could be available to those that know how to get them, and it’s not just favourite websites that are affected. The Minecraft servers, for starters, have been temporarily shut down while developer Mojang looks into the problem.
Notch took to Twitter to explain why people were having problems logging in, and asked them to be careful.
We temporarily took down our servers due to this: http://t.co/Fh31TYlRQz A LOT of websites and services are affected by this. Be careful.
— Markus Persson (@notch) April 8, 2014
It’s unlikely that Mojang will be the only company good enough to close their servers while they research the problem this might cause for users, but they were certainly the first. They’ve reacted quickly, and it’ll be interesting to see how others react.
The problem with the OpenSSL bug is that, even though it is now fixed, those that exploited it ahead of the patch may still be able to access the servers. For popular sites and games, it’s very possible someone decided to try to break into the servers and, if they knew this exploit, would still be able to do so.
From Ars Technica:
The bug, which is officially referenced as CVE-2014-0160, makes it possible for attackers to recover up to 64 kilobytes of memory from the server or client computer running a vulnerable OpenSSL version.