Psa: Technic Launcher May Have A Security Breach

[rmtworks]

For those of us in the community who use the Technic Platform and have an account on their website, apparently one of the top administrator accounts on their site was breached. Which basically means the admin had complete access to the site. I got the opportunity to speak with one of the other admins, by the name KakerMix, and here's a screenshot of my conversation with him:

 

http://i.imgur.com/Nb1TsXT.png

 

Like he said in that screenshot, there is potential that user passwords were compromised. They are rolling back from a backup to undo anything the rogue admin did, however, as a precaution they will force everyone to change their passwords on the website. This is also why the Technic Launcher is down right now and you can't download any packs - they moved all the servers offline so nobody could do any further damage.

 

So, I'm posting there here just as a precaution for everyone here that it would be a good idea to change your passwords on other websites if they are the same as your password for the Technic website. Now I don't believe your Minecraft username/password (what you type in when starting the launcher) would be compromised, but you can never really be too safe.

 

Just a Public Service Announcement, be smart with your passwords!

 

-rmt

 

PS: KakerMix also informed me that the platform would be down for at least 6 hours starting from 12AM GMT +0, if not longer. They will be rewriting the entire authentication system for the platform.

[rmtworks]

Update: After talking with more Technic staff, the admin accounts themselves do not have access to user passwords. However, they are still doing a full security audit, because this one admin account being compromised may not have been the only thing that happened. So,

tl;dr change your password regardless, better safe than sorry.