ADVERTISEMENT

Minecraft server host Shockbyte puts players at risk

Shockbyte, one of Minecraft’s largest server hosting providers, left a misconfiguration on its systems exposing it to threat actors that could potentially have manipulated Minecraft server code.

Shockbyte

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jun 22, 2023 Updated: 27 June 2023 3 min read
  • Shockbyte is an Australian game hosting provider hosting many popular games, including Minecraft, Counter-Strike, and others.
  • The company leaked sensitive data through a publicly accessible git configuration file.
  • The git configuration file could’ve allowed malicious actors to access Shockbyte’s source code, putting their internal systems and clients at risk.
  • Cybernews contacted Shockbyte, and the issue was fixed.
Git file
git configuration file | Image by Cybernews

Potential access to source code

  • The website’s source code private repository location and credentials – CI Job token.
  • Git index file.
ADVERTISEMENT

The company’s response

Staying safe

  • Always secure the configuration and index files by making them inaccessible to the public.
  • Ensure that all accounts with repository access have two-factor authentication (2FA) enabled.
  • Accounts should be used exclusively in secure environments to prevent session cookie attacks.
ADVERTISEMENT