It looks like quite a few Minecraft players may need to check their accounts, as a hack has leaked the details of seven million players. This wasn't a hack in Minecraft itself but rather, a fan site. Apparently, the breach actually occurred back in January and the passwords had fairly weak protection, making them easy to crack.
At the time, the fan site known as Lifeboat quietly forced a password reset in waves on affected accounts. However, as Motherboard's report on the situation shows, the site doesn't seem to take security that seriously, suggesting that account creators use short, easy to remember passwords, rather than something more secure and harder to crack.
Security researcher, Troy Hunt, discovered the leak and brought it to public attention. He also added the leaked account data to ‘Have I Been Pwned?', a site made to allow people to anonymously check if their email has been involved in a data breach.
Troy Hunt also put news site, Motherboard, in touch with several people affected by the Lifeboat hack, who claimed that they had not been informed of any breach at all. When Motherboard enquired about the lack of communication, Lifeboat's only response was that they hadn't received “any reports of anyone being damaged” by the breach.
KitGuru Says: Obviously when it comes to account security, having your own strong password is a must. However, at the same time, it does seem that Lifeboat hasn't done a lot to protect user data and didn't even inform customers that a breach had occurred in most cases.