Minecraft’s oldest server has been hacked for the first time in 13 years and it was so bad that actual authorities are investigating it now I’m not talking about 2b2t which is the oldest Anarchy server in the game but Minecraft online which is the oldest server that’s still running on the same Map how the attackers managed to pull this off is actually insane using a fake identity and social engineering they gained backdoor access to the server through the use of malicious code not only did they generate illegal items in game which they then sold for real world money but they also accessed in-game Player data server diagnostic logs Discord logins emails and password hashes of registered players and server donors and this was happening for months before it was finally noticed now to give credit to the admin team they went 13 years without a attack because of their state-of-the-art security system So the fact that it finally happened shows just how sophisticated this attack was but it’s caused a lot of turmoil in this server’s community so today we’ll be discussing how this hack finally happened why it went undetected for so long and the Damage that was caused both Inside and outside the game and why authorities are now involved when I wasn’t investigating money laundering in Minecraft I was at the gym where I always rock my raycons for any activity they’ve been my go-to earbuds the new everyday earbuds have an improved look and feel by using optimized gel tips They’re comfortable and they will not budge trust me not only are raycons water resistant but they can be charged wirelessly raycons offer eight hours of play time and a 32 hour battery life they start at half the price of other premium audio Brands so no wonder they have over fifty thousand five star Reviews I found them to be very useful so to get your own pair click the link in the description or go to buy raycon.com fitmc to get up to 15 off your order it’s a great way to support the channel and thanks again to raycon for sponsoring today’s video so let’s Talk about this Minecraft online getting hacked is a big deal because it’s the first time this has happened in 13 years of operation to give a quick history lesson Minecraft online was started in 2010 just one hour after the game’s creator Notch made multiplayer available To the public it has been running on the same map ever since and hundreds of thousands of players have left their mark on the server now unlike 2b2t where anything goes Minecraft online is more controlled and griefing is a bannable offense so it doesn’t tend to attract The bad apples that to be T does that is until March of 2021 when all of this began a malicious player was banned from the server’s Community for attempting to distribute malware to users I’m not going to say this person’s username so we’ll just call them the hacker but they Attempted to steal the Discord credentials of multiple players and were swiftly punished for it despite them being banned from the community they took on an entirely new identity and in July of 2022 thanks to incredibly persistent social engineering the hacker was actually brought onto the server’s Dev team to help out with some of the plugins Minecraft online uses a variety of plugins to keep the server running and the build tool they use is called Gradle which a lot of software developers use allegedly the hacker created a backdoored Minecraft plugin for the server that would give him Direct access and to do this he distributed a malicious version of Gradle when run by a human nothing about the plugin seemed out of the ordinary but when it was run by the server’s automated testing pipeline it would then introduce the backdoored code when a human wasn’t watching imagine walking Through a metal detector but just throwing metal objects over it and then catching them on the other side it’s not a Perfect Analogy but it gets the point across the hacker tricked an automated system to allow something malicious to get through this method actually worked and in September of 2022 the backdoored Plug-in was successfully introduced to the server which gave the hacker the access he desired with the plug-in installed the hacker was able to send commands in the form of JavaScript program instructions to the server for execution this could be anything from summoning Minecraft items in game to reading data files visible to the Minecraft Linux user on the server now for the first few months this flew under the radar but it didn’t take long for some players to realize something wasn’t right according to player testimony some members of the community started becoming insanely wealthy with in-game items seemingly out of nowhere take a Look at this this is a player made City on the server called Newport from June until December of 2022 six entire months we can see the progress that was made on the city and judging from the comparison not a whole lot changed now afterwards in just a one month period we can see That there was an absolute explosion in progress on numerous builds far more than in the previous six months remember this is not an anarchy server so hacking and duplication exploits are not allowed it was clear that Builders were getting materials through unnatural means but it went beyond this the hacker had given Himself creative mode and allegedly began selling items to players for real world money not only were regular materials supposedly sold but illegal items not normally obtainable in survival were created as well such as bedrock and Portal frames even structure blocks which I didn’t even realize could Be placed in such a way the reason all of these screenshots are so blurry is because they are taken from a YouTube video which has now been removed but it was made to mock the server and also cause paranoia in addition to Illegal blocks super weapons and tools were also Created having stats far above the normal limits the hacker and his associates had effectively turned Minecraft online into an anarchy server and this was just the tip of the iceberg strange occurrences started happening such as items going missing from ender chests players slowly began finding illegal blocks inside of builds which of Course caused some confrontations screenshots of absurd amounts of illegal light circulated to the point that the admin team had to start investigating the issue after combing through every plugin they had on January 9 2023 they discovered the backdoored plug-in for the first time it had been active for Four months at that point and was far worse than expected they quickly removed it and began analyzing the damage the hacker had access to the following in-game player data server diagnostic logs email addresses of registered players and donors and the hashes of registered player passwords the Gradle Security team also looked into it and published a full report it has a lot of technical details which are difficult to describe so I’ve left a link to it in the description if you want to read it but basically they discovered the hacker had also attempted to steal Discord Credentials the very thing he was originally banned for in 2021 at this point a cyber crime had been committed over a Minecraft server so on January 28th the admins of Minecraft online released a statement to the public announcing they had been breached for the first time in almost 13 years of Operation they described what had happened and the steps they had taken to ensure players safety any players that acquired illegal materials knowing that they had been created by the back door had been banned from the server forever despite how proactive the admins had been for over a decade they acknowledged The human factor that went into it they weren’t prepared for someone to fake an entire identity for years and socially engineer just to backdoor a Minecraft server so they would enact more thorough background checks for contributors in the future fortunately for the admin team though the hacker had been careless Enough to leave enough breadcrumbs for them to follow which would then allow them to pursue legal action the European Union Agency for law enforcement cooperation also known as europol was contacted and given all evidence in order to bring the hacker to Justice since part of the attack involved a Discord bot discord’s trust and safety team were also contacted to investigate the bot logs but the community was stunned with many in disbelief players began wondering just how many builds were created by using the back door and others were concerned about server Integrity the tech savvy players understood just how advanced this attack Actually was and of course there were jokes as well but the Fallout of this back door is eerily similar to what happened on 2b2t in early 2016 in that some players have left the community entirely and gone elsewhere no matter how smart you are committing a cyber Crime over a Minecraft server is a dumb thing to do no video game in existence is worth criminal charges so while it’s unfortunate it that this has happened to Minecraft’s oldest server hopefully it can serve as an important lesson to all if you enjoyed today’s video make sure To leave a like hit that subscribe button and follow my socials take it easy fit fam and stay alive out there Video Information
This video, titled ‘Minecraft’s Oldest Server Was FINALLY Hacked’, was uploaded by FitMC on 2023-02-11 14:28:32. It has garnered 1209823 views and 56845 likes. The duration of the video is 00:10:17 or 617 seconds.
Today we’re covering how Minecraft’s Oldest Server Was FINALLY Hacked, and the insane criminal method utilized to do so. Get Raycon Headphones and support the channel! Visit https://buyraycon.com/fitmc for up to 15% off!
My Twitter: FitMC My Instagram: fitmcsippycup
Information/Images/Sources: Minecraftonline admins Minecraftonline Public Discord Lunar Logs: https://lunarlogs.com/2023/01/29/double-jeopardy-mcos-backdooring-players-get-shut-down/ Gradle Security Team: https://blog.gradle.org/wrapper-attack-report
Additional Music: homieonice (Instagram), FFXV, FFX, Y7
If you enjoyed this video discussing how Minecraft’s Oldest Server Was FINALLY Hacked I would appreciate if you would consider hitting that like and subscribe button! This video has nothing to do with speedrunners, 100 days, hardcore, “minecraft but”, 1.20, Camels, sniffers, hermitcraft, armor trim, suspicious sand, or any of those other topics.