The same hacking group which reminded us about the importance of the basic rules in cybersecurity has again made headlines by hacking into Minecraft(Mojang) accounts. Ourmine, the hacking group which turned to a ‘Cybersecurity Consulting Firm’ has recently (July 19, 2016) shared a video demonstrating the hack. The hack is specifically aimed at users who rely on Windows PCs and MAC PCs to access the account. Ourmine become popular in the cybersecurity industry by hacking into social media accounts of popular figures like Mark Zuckerberg,Sundar Pichai, and many others.
Ourmine did it again!
Ourmine claims that they have found a way to hack into any Minecraft accounts. The hack is targeted at the login page of Mojang, the developer of Minecraft. The hacking group said that they don’t intend to do any malicious activity and they are just pointing out the vulnerabilities in the website. According to popular sources, the ‘IDG News Service’ created a Minecraft account to test the hack and asked Ourmine to break into it. Not only they managed to gain access to the account, but also they changed the user profile to ‘Ourmine Team’ to the prove hack.
How they did it?
Ourmine has kept the core details of the hack as a secret and asked the developers (Mojang) to contact them in order to fix the issue. Even though, Microsoft which owns the Minecraft announced last Tuesday (July 19, 2016) that they have fixed the vulnerability. The hacking group said that they have done the hack by stealing cookies from the website. This hacking technique is known as Session Hijackingor cookie Hijacking. There is a set of special cookies which works like an authentication ticket to the database, which makes them very dangerous in the wrong hands. So, by stealing cookies of a website, the only information you requires is a valid email address to break into the an account.
Ourmine stealed cookies of users by creating a clone user account site of Mojang. This technique comes under the category of Man-in-the-Middle attack. Being more specific, the attacker will create a false subdomain to gather information, in this case cookies. Using the method known as DNS Spoofing, where attacker create a copy of the login page and gather information.
The main security concern raised by this ‘Ourmine hack’ is the vulnerability in internet cookies. The easiest way to steal identities is to steal website cookies. Taking the fact that cookies can store sensitive information like access credentials and user preferences.