One of the biggest Minecraft server hosting provider has reportedly leaked access to its website’s source code, potentially posing a risk to players.
Australian company Shockbyte, which has annual sales of up to $10 million, provides hosting for a number of popular games, including Minecraft, Counter-Strike and Assetto Corsa.
But according to the cyber news The research team, the site’s private source code repository location, its credentials, and Shockbyte’s Git index file were all leaked.
Minecraft server provider leaked source code
According to Cybernews, attackers who exploited the vulnerability could have not only compromised the company’s website, but also laterally penetrated the game servers hosted by Shockbyte, thereby manipulating code running on the Minecraft servers and directly affecting players.
Another concern is that attackers could modify the code to steal or install payment information malware.
The leaked token had already expired, but attackers can use this and the other leaked information to find out how the website works and potentially gain access if the website is updated.
Shockbyte told Cybernews that it has taken action to fix the allegedly “erroneously provided .git directories.” The company did not immediately respond Tech Radar ProPlease comment on how this happened and what steps are being taken to protect customers and prevent future attacks.
Cybernews said, “With the rapid growth of the gaming industry and increasing reliance on server hosting providers, user security and privacy should be a top priority for companies operating in this space.”
Those likely to be affected are strongly advised to only access their accounts in secure environments where cookie attacks are unlikely. In general, the recommendation to use secure passwords and two-factor authentication (2FA) still applies.
