Last weekend, we were informed about an exploit affecting us and some other (featured and non-featured) servers, which allowed users to log in with an arbitrary identity. As this posed a possible security risk, we went into maintenance mode and resolved this issue ASAP.

As of this announcement, we believe the issue has been resolved. We have reached out to other affected servers in the community, as well as affected software maintainers, to aid them in resolving this issue.

We have no evidence that this exploit was used maliciously. The Hive stores no personal data, so there is no risk to players in any form. 

As there was no impact to player accounts, we are under no obligation to post this notice, however we're sharing this to promote transparency and to assist affected networks.

We have rewarded the people that informed us about this exploit with a generous bug bounty.

This incident was limited to server logins, due to the way Minecraft client issues and validates logins, and not any backend service or web services such as Discord or our forums.

FAQ:

Is my account at risk? Should I change my password?

No. This incident has no relation to passwords, and as it’s been resolved, there is no risks for any accounts. Absolutely NO action is required by any user at this time.

Was my account affected?

From our current evidence, this affected less than 10 accounts, mainly vanity and known influencer accounts. There was no substantial abuse of the affected accounts. No player account was banned, kicked, or modified because of this incident.

Did this affect all servers?

This affected a small number of featured servers as well as several non-featured servers, as well as popular Bedrock to Java translation servers. Most affected servers have since resolved this issue.

Was the Hive “hacked”?

No. The scope of this incident was purely related to in-game access, and the number of privileges that in-game accounts have is incredibly limited as well as audited. No personal, account, or other privileged data was accessed or modified.