Server Login Servers Temporarily Offline; Fix For Exploit In Progress
A recent exploit was discovered in the Minecraft authorization servers, which allowed players to log in to SMP servers as any account they wished. Mojang temporarily took down the login servers, and have successfully eliminated this exploit.
Minecraft Chick had the following to say on the matter:
Lydia Winters said:
We are aware of the security issues involved with the Minecraft authorization servers and are currently working to fix it.
Right now the authorization servers have been taken offline and will be down until further notice. The Mojangstas are working hard to make sure we get everything back to perfect working order.
We’ll keep you updated as we have a more clear timeline. We really are sorry about this and are working as fast as we can!
Happy Sunday :)
UPDATE: Authorization servers are back online, and the login exploit should no longer be possible.
It is not believed at this time that any account information - such as passwords, security info or any other sensitive information - was compromised. Players are, as in any similar situation, encouraged to change their password when the authorization servers come online, if they feel their information was compromised.
Redditor "barneygale" gave a very detailed breakdown of the process, which you can read by clicking here.