Zedwork

[Zedwick]

This may be a bit technical, but your passwords used across the internet have likely been compromised in what could be the greatest security threat in history. You should try to read on and understand the situation.

A vulnerability in OpenSSL, which secures 2/3 of the web servers on the internet (normally preventing others from reading your private messages, seeing your passwords and manipulating the data you send to and receive from the server), has been found which exposes data stored in the memory and other systems protected by OpenSSL. Attackers can exploit this vulnerability, nicknamed 'Heartbleed', to read a key which would unlock all 'secure' connections to the server, and can read users' passwords directly from the servers memory. This attack is exceedingly easy to do. You should assume any account used in the last couple of days has been compromised, and your passwords stolen. Heartbleed has existed for 2 years, but there is no evidence it has been exploited before it was revealed on Monday.

Ideally, you should change all passwords for any accounts you have online, but should wait until the website you have the account with has patched this vulnerability. Mojang took their servers down earlier today, preventing players from being able to login to Minecraft servers using their accounts. Whilst Mojang's servers were not directly affected by Heartbleed, Amazon provide load-balancing servers which were and may have leaked your passwords when connecting to Minecraft. Amazon has patched their servers now, and Mojang have brought their service back online. It is safe to login to Minecraft now, and you should change your Minecraft password as soon as possible.

If you would like to learn more about Heartbleed, you can check out this website dedicated to it: http://www.heartbleed.com

My advice is to avoid logging in to any important accounts (banking, shopping websites, email accounts) until you are sure they are safe, and then immediately change your password. Some larger sites currently said to be safe are: Youtube, Google, Facebook, Twitter.

You can use this tool to check which websites are currently vulnerable: http://filippo.io/Heartbleed/
But remember, just because it is not currently vulnerable does not mean it has not been previously. You should change your password as soon as you see that it is 'All good' and avoid logging in whilst it is still vulnerable.

EDIT: The above tool for checking which websites are currently vulnerable may incorrectly report a site is safe, when it is not. You may want to wait a couple of days to be certain. Up to you, though. You could retry the site a few times over a few hours to see if you keep getting the same result, and choose to trust it if so.

[anonny]

Thanks for the heads up Zed, I will check myself via that link you provided.

Good work as always

[TheVortex_20]

thanks for letting us know zed