DO NOT Join This Minecraft Server…

A couple weeks ago now I received an email about an extremely strange Minecraft server what seemed like on the surface to be a mostly normal Minecraft server at first had hidden intentions much more malicious intentions and upon digging deeper What’s Happening Here is extremely shady and something I’ve never

Seen before in my over 11 years of playing Minecraft Minecraft accounts are being stolen by a strange server using a dangerous almost undetectable exploit in Microsoft’s account system something which has been happening behind the scenes for over a year and a half now your account could have already been

Stolen and you wouldn’t even know so what exactly is going on well while I thought I was being trolled in the original email I was sent this is the server right here with this humorous IP message of the day and icon now you may think that this is an immediate red flag

To not join the server or for some of you this might be the server you have been waiting for for years it’s surprising not the strangest IP or server out there and seems more like a joke which beyond the funny name and icon looks to be completely normal it

Has players online which voting websites display fluctuate between 24 and 28 and you can connect but this is where things start to seem odd first of all a player count fluctuating by only four players in the last three months is not normal they fluctuate by a lot more but more

Strangely is the fact that upon connecting the server actually seems to have a different name Piglet and Brute from a brief Google search I couldn’t find anything about a Minecraft server called piglet brute no IP no website absolutely nothing the next thing you’ll notice is strange is the fact that the

Server checks your physics when you first connect which doesn’t make any sense whatsoever and then tells you that your connection has been flagged as suspicious and that you need to visit this website to verify you are not a robot verification to make sure you answer robot is actually something a

Small handful of more popular servers do have for example there’s a very large Russian server where where you have to do this as well and it will link you to an online web page where you do the whole I’m not a robot capture it’s rare but some servers will make you fill out

A captcha to prove your connection is not suspicious however this server is different rather than linking you to an online capture you get redirected to an official Microsoft account login page where if you log in will ask you for this piglet brute once you access your Xbox live profile information including

Your gamer tag friends list and activity as well as see and update to the data you gave it access to even when not using the app at first this looks normal launchers such as multi MC will require you to do the same thing when adding accounts to them but look what happens

Here if we use this alt account here and actually accept the prompt as you can see we get this strangely basic redirect to The pigland Brew website mentioning that verification was successful with this big old tick free PNG right here we still haven’t been able to connect to

The server though let’s take a look at the pigland brewery website then piglet.com and hang on a minute what’s this the domains related to pigland brute have been seized by the Federal Bureau of Investigation U.S Department of Health and gaming services and a bunch of other Federal things and has

Been given a dmca takedown if we take a closer look there’s some strange stuff in this message though the MCA issued pursuant to The Not So Secret Service the US Minecraft Esports team the Dutch national Stoners the Australian Federal feds the United Kingdom National Crime in Minecraft agency and one policeman

From Scotland and to let’s not forget the department of juice the office of Inspector Gadget and the United States district court for the southern district of Sweden oh and what’s this one the internationally acknowledged Guild of the Mr Epic subscribers by far the coolest organization here and the

Easiest to join as well all you have to do is click that subscribe button no pressure PS the intern responsible for our seizure banners has a burnout and has been signed off sick for two weeks what the hell are these organizations and where do I sign up to the US

Minecraft Esports team if we do a domain lookup we can find that the domain was registered back in February last year they’ve been doing this for a while and the date of registration lines out to be just before Microsoft account migration became mandatory to log in and play

Minecraft Java which is the only reason this all works by the way the domain was registered in Charlestown KN which is in the island of Nevis found right here a town which mind you has a population of only 1500 people they’ve also paid a domain privacy company to register the

Domain on their behalf so people can’t look up more information about them and hosted their website through privax another privacy Center company so clearly they want to hide their tracks as much as possible this all seems extremely dodgy anyways we’ll come back to the website soon let’s go back to

That successful verification page which here it says if problems persist refer to the troubleshooting guide which redirects you to this other extremely basic page where they’ve used Comic Sans on this page they tell you to make sure you are logged into minecraft.net it and then try verify again and by doing so

We’ll lead you through the same Loop over and over and over and over and that’s because if you haven’t guessed it already there is no server to join Beyond this verification screen there are not 25 players online this is not a legitimate Minecraft server hot Minecraft girls are not waiting for you

You aren’t verifying your physics or your connection what you’ve just done let’s give someone malicious access to your Minecraft account through an exploit in Microsoft’s account system even worse you will never know if that someone has logged on or used your account and they can log in and use it

No problems without a trace no email ever being sent to you but how is that possible you may be asking we logged into the official Microsoft website well as far as we know when you sign in through the in-game link Pig limbrew gives you and allow it access to your

Account you basically give whoever’s behind the server and access token which lets you use the account for 48 hours or a refresh token which gives you access to the account until the original owner manually revokes access and even then and they can still use it for a while

Until it actually expires after being revoked so basically Whoever has taken your account can log in and use it for either short or extended periods of time and you won’t ever know there won’t ever be any emails saying there’s been a suspicious login from another location

Now this may sound familiar to you or you may have actually heard of a similar method of stealing accounts before even experiencing one yourself this is very common on big servers like Hypixel where players will get DMS from malicious users pretending to be capture Bots or other similar looking Bots requiring

Additional verification due to changes in terms of service or due to scams going around something like that you will then be given a link that looks legit but isn’t asking you to sign into your Microsoft account same as we saw earlier with piglet brute malicious

Users will then log in as you and take your Skyblock coins gems or whatever and sell them for real money these are pretty common still even to this day and these fake Bots often Target big servers where they will spam DM everyone and younger more susceptible players may

Fall for them they work quite well because actually quite common for a lot of servers to get players to link their Discord account to their Minecraft account in game but the key difference is servers will never ask you to sign into your Microsoft account on an

External web page so it seems that this pigland brute firewall method is a more advanced version of that same Discord method of stealing accounts and the reason this newer method is even more dangerous is three reasons in particular first of all as I just mentioned it’s

Not too uncommon for servers to ask you to link your Discord to your Minecraft account using a similar linking method excluding the Minecraft account login of course which makes people less suspicious of clicking links from service and game second of all because a lot of people use third-party launchers

Where they go through the same Microsoft account access process players are also less suspicious of the screen and doing this in general and finally because you get directed to the official Minecraft login page immediately where only vaguely tells you what information you are giving away players are already

Going to be more trusting of it or unaware of exactly what they’re giving access to now it makes sense why this server has such a stupid name it’s alluring I mean if I saw this on a server list of which it is by the way I would join the server just out of

Curiosity and I can imagine this would be the same but even more so for younger players who would be far more likely to click the link and try to log in and this is also why it’s so worrying what’s stopping some malicious person from doing the same thing about paying to put

Their server on top of a voting website or paying for ads in other places they could even go further and have a properly set up server where they do the same thing most players won’t be able to tell what’s happening when they sign in it could be entirely inconspicuous

Unlike the Discord Minecraft account stealing methods where the main motive was to still play as currencies on Hypixel what is the reason this server is stealing accounts well there’s an obvious and less obvious answer first of all the obvious answer is to sell these accounts for cheap and old shops or use

These accounts as alts to cheat on servers basically free throwaway Minecraft Java accounts the second answer is a bit more worrisome as I’m sure many of you know there are players out there who scan servers to find unwhite listed service to grief with this method these malicious server

Owners could still access to your account and look up all the servers your username has been playing on and join them as you doing whatever they want however considering that this is the first time a method of stealing Minecraft accounts has been done like this through a server we really don’t

Know what their true intentions are and maybe they are getting access to more than most people think when you sign in through their link maybe we are being too short-sighted though on a larger scale though what’s stopping you from making a fake Microsoft support website which asks you to sign into your account

Account similar to the actual Microsoft support site and then let the website have access to your data in order to use it maybe there are malicious intentions Beyond Minecraft here that we don’t even know of the fact that Microsoft is so vague with what information exactly you

Are handing over makes this method super powerful for Fishers so what happens if you messed up and signed in well fortunately not all hope is lost if you head to your Microsoft accounts consent page with this URL you can see what apps and services you’ve given access to as

You can see here we have more TMC and of course piglet brute you can click edit on Piglet and brute and then remove these permissions and that should do it Microsoft really needs to make it clear what information you’re giving away when you do these third-party app sign-ins

Who knows how such methods of account stealing will be used to trick players into giving away their details next make sure you never log into your Microsoft account from such a link in the future be sure to subscribe thank you all so much for watching