What is a compromised account?
Guide to compromised accounts
If you are reading this guide because you have been banned from our network due to a compromised account, there are a few things you need to do:
Change your password immediately.
Add security questions to the account.
The information provided here is to help you protect your Minecraft account and can also be applied to accounts on other platforms. If your Minecraft account has been compromised, if you are worried it has been compromised or if you just want to secure your account, then please read this article.
What happens when your account is compromised?
This means that someone other than you has access to your account and can change the password and/or email of your account. This can allow for one, or more people to have complete access to your account. They'll be able to play the game as you, change your in-game name, skin et cetera.
In regards to Minecraft, compromised account details are often passed on to third party sites and resold as 'alts' or as part of an 'alt service'. Often, these sites will harvest account details by promising free 'capes.' Do not fall for these types of scam and don't enter account information into a site you aren't 100% sure is an official Mojang site. These services are usually used by players to break server rules and bypass existing punishments. In some cases, people use public/compromised accounts to simply play on because they cannot afford their own Minecraft account. While these people may not have malicious intent, you still do not want them to use your account.
If you have a feeling that your Minecraft account may have been compromised, read the rest of this article to ensure your accounts are safe and secure, and they are in your full control. Remember, if your Minecraft account has been compromised, you can appeal HERE. If you need help with appealing, please read THIS article.
How can I recover my account?
There are different methods or steps to recovering your Minecraft account, depending on the scenario.
If discover that you password has been changed, but not the email address, you need to log into account.mojang.com and change the password immediately.
If you discover that your password and email address have both been changed, the recovery process is a lot more extensive. This is because you can no longer change the password just by clicking "Forgot my password," as the email is no longer the same. In order to recover the account, you will need to contact Mojang support at help.mojang.com or here. They will ask you for a proof of the purchase, which is the transaction ID that you received by email when purchasing the account.
Note: If you no longer have the confirmation email, there is nothing Mojang, or you, can do to recover your account. So remember to keep the confirmation email at all times, and secure your account.
Here are other articles or places for support:
- Mojang support twitter: twitter.com/mojangsupport
- Minecraft account article: help.mojang.com/customer/portal/topics/151510-minecraft-accounts/articles
- Minecraft.net help page: minecraft.net/en-us/help
Note: The first step when you discover that your account is compromised is to contact the company the account is with in order to re-secure it.
Why is it important to protect your account?
As easy as it is to build a profile, up on the internet, it's also easy to tear one down, in a matter of seconds. As soon as someone compromises your account, you no longer have access to it (depending on what they do).
This means you cannot:
Access/use the account freely.
Ensure the safety, quality and security of the account.
Have control of future actions.
What can I get out of protecting my account?
Protection. Not 100% protection, but better protection for your safety.
You'll also get experience with how the internet works and the availability of safety options available to you.
It'll save you time, effort and possibly money from needing to recover your account if it does get compromised
Reassurance. Knowing that your account is secure and safe from unauthorised users.
Ways to keep your account safe and secure.
Create a secure password when creating the account.
You have probably been told this a great many times when using online social media. Although, it cannot be stressed how important it is with any account to have a strong password.
How do you choose a strong password?
Use a lot of characters. Passwords do not have to be quick or easy to type, as they would not be able to protect your account well. This does not mean use 10 characters, by the way, but rather use 24-30 characters.
Keep a solid combination of uppercase & lowercase letters, digits and symbols.
Here are examples of various passwords:
Very Weak: password
Very strong: overtone-phone-threat-module-bar
Extremely strong: F4-*_iMxb-FIwU}hP)Ondppcq}P7Vpw&c,83DgJI37A*bj=XTK+e5TrQ:k&=MCC:
Do not use a duplicate password.
Use an extra method to keep your account secure.
Make use of 2 step authentication (2FA) whenever you can.
Add security questions to your account, which are mainly used for when you want to change your email address on your account. If you have security questions and only you know them, the unauthorised user cannot change the email.
Have a password manager to allow you to remember the difficult passwords. You can then store your passwords and keep them secure with a decent master key.
Some examples of password managers are:
If you still don't know what a password manager is, click HERE.
Do not ever use the same password on multiple accounts. This will allow for the person with the malicious intent, that got your password, to be able to easily access other accounts.
Never share your password and sensitive information with anyone!
People obtain your passwords through various tricks like:
"Get a free rank, just tell us your password" - Note: To give your account a "free" item, people do not need your password.
"Your account is compromised and we need your password to set up security" - They can not set up security for you, only you can, do not fall for this.
We have had people contact our support/sales team, asking what happened to their rank or wanting a rank, and they give us their account password, email and security questions. Never do this!
No official gaming company/other company, including us (CubeCraft), will ask you for your password or other sensitive information. The only valid information we'd ask for is your email address, Minecraft username and your purchase transaction ID, but only if you're talking to our sales team.
How to keep your pc clean from viruses and secure?
Common reasons for account compromising include ransomware, keyloggers or other malware and RATs, with the intent to steal your private information and leak it back to the owner of the malicious software.
An easy way to defend against this is to use multiple malicious software scanners. You do not need money for most of them.
Important to note: Do not download scanners off of other download portals. Download them directly off of the project's page, to ensure clean file downloads (virus-wise and integrity-wise). Also, in the installation of certain anti-virus software, they can provide adware as part of the installation (sponsors/ads). Make sure to keep vigilant during the installation.
Here are some official pages of anti-malware/virus protection software:
Norton: uk.norton.com or us.norton.com
You can keep your computer clean by not clicking on weird sites. Sites you don't know and look untrusted are mostly untrusted so if you see any site like this don't click on anything and just leave it.
An ad-blocker can help with blocking untrusted websites, such as Ad Block Plus. The premium version of Malwarebytes also comes with a website scanner, which scans the website and domain for malicious content or blacklisted websites, then blocks them before they fully load. They keep their website database up to date, keeping you safe from the latest dangerous websites.
Avoid clicking on links that people send you. Those links can lead you to a page were you can not see anything, but they just took all your details when you clicked on it. These website could also obtain your IP address, to perform DOS attack on your network.
Updated on: 06/03/2020