cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

14GB Minecraft data leak puts players at risk

Minecraft players should double-check their accounts after a database containing user and server data was posted online by a threat actor.

user icon Daniel Croft
Wed, 27 Mar 2024
14GB Minecraft data leak puts players at risk
expand image

Using a burner account under the name “rafaelll”, a threat actor posted a 14.8GB database to the infamous BreachForums threat site containing Minecraft user details and server information, including financial information.

The database was posted for free via a link to a Russian cloud-sharing site called “Облако”, which literally translates to cloud.

According to CyberNews, which originally discovered the post, the database in question contains over 700 documents, some of which contain details of specific Minecraft servers, including username and password combinations, IP addresses and more, granting those looking at the database the potential to steal accounts.


Even worse, some files contained private user data beyond Minecraft details, including emails, addresses and payment details.

While the source of the data is unknown, it appears, based on the age of some of the data, that the database is a collection of data from a variety of older leaks.

Furthermore, BreachForums users responding to the thread also suggested it was old leak data.

“Is it the old leak data,” said one, with another adding ”a little old but it’s a good database”.

Despite the age, the mass of data still presents a major danger for players and more, with scammers able to utilise the data to engage in fraud or other scams.

For example, email addresses could be used for phishing attacks, accounts could be held at ransom over users, and financial information could be used or sold to those who will use it for fraudulent purposes.

Minecraft users, whether they know if they are affected or not, should update their details to prevent access to their accounts, and monitor financials for fraudulent purchases.

Being such a high-profile game, with over 200 million monthly users (as of September 2021) and now being owned by Microsoft, Minecraft has been targeted multiple times by threat actors.

The website suffered a data breach that was discovered late last year on 8 November 2023 at the hands of the Leak12 threat actor.

The hacker exfiltrated 17.7GB of sensitive data from Minecraft’s databases before sharing it on a site called Database.io, a similar site to BreachForums.

It is also worth noting that the 14GB database shared on BreachForums is a similar size to the 17.7GB database once decompressed, as pointed out by CyberNews.

Prior to this, according to InsecureWeb which discovered last year’s Minecraft breach, “Minecraft.net has no known history of security violations prior to this incident.”

While not suffering previous data breaches, hackers have utilised Minecraft as a vessel for malware delivery before.

As reported by Prism Launcher, a number of modpacks under the CurseForge and Bukkit mudpack launchers contained mods that have been injected with malware, as reported by Cyber Daily in June last year.

Attackers gained access to a number of CurseForge and Bukkit accounts, which then allowed them to embed malicious files within mods that had been uploaded by the platforms. These mods were then adopted by larger modpacks and downloaded by unsuspecting users.

“Multiple groups are reporting many CurseForge and Bukkit projects as compromised. Malware has been uploaded to several projects, and it’s now known that the virus is self-replicating and spreading,” said Prism Launcher.

While it is unknown how many people were affected by the attack, just one of the modpacks, “Better Minecraft”, has been downloaded 4.6 million times.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.