Minecraft players beware: 14GB of private data posted for free on illicit forum


A threat actor on BreachForums has posted a 14GB database containing Minecraft user and server data, including sensitive payment information. Exposed players should be wary of cybercriminals trying to exploit the leak.

The leaked data was posted on the illicit marketplace BreachForums on March 23rd by the threat actor under a burner account, which they used only to create a single thread.

It is unclear where the Microsoft user data originates.

According to the Cybernews research team, the shared database consists of more than 700 smaller documents, which seem to have been compiled from multiple prior leaks and breaches. Some are specific to various private Minecraft servers and contain various combinations of usernames and passwords, usernames, and IP addresses.

minecraft-leak1

Some leaked documents expose sensitive private user information such as payment details, addresses, emails, IP addresses, and usernames.

The dataset is available for illegal downloads almost for free. BreachForums is a popular criminal marketplace used to buy, sell, and trade hacked or stolen data.

Cybernews reached out to Microsoft for comment but has yet to receive any additional information at the time of writing.

minecraft-leak2

Last year, the popular gaming website Minecraft.net fell victim to a major data leak, according to the digital attack surface analysis platform InsecureWeb. The breach, which occurred on an undisclosed date, was detected on November 8th, 2023.

“The hacker responsible for the breach, known as “Leaked12,” targeted Minecraft’s databases, compromising a significant amount of sensitive information. Approximately 17.7GB of data, including emails, was stolen during the attack,” the InsecureWeb said.

The currently exposed dataset is similar in size when uncompressed.

minecraft-leak3

Affected Minecraft users should change their passwords on compromised accounts and double-check that the leaked credentials are not reused elsewhere to prevent hackers from accessing multiple accounts. Always enable two-factor authentication where possible.

Scammers are likely to exploit this data breach by sending phishing emails, text messages, or making phone calls in an attempt to steal additional personal information or trick victims into revealing their login credentials.