/cdn.vox-cdn.com/uploads/chorus_asset/file/24016885/STK093_Google_04.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24808816/Starfield__The_Settled_Systems___Supra_Et_Ultra_____Starfield__The_Settled_Systems___Supra_Et_Ultra_2023_7_25_94252.263_1440p_streamshot.png)
One of the largest Minecraft server hosting providers has reportedly leaked access to its website source code, potentially putting gamers at risk.
Australian company Shockbyte, which generates annual revenues of up to $10 million, provides a host of popular games including Minecraft, Counter-Strike and Assetto Corsa.
but according to cybernews The research team, the website’s source code private repository location, its credentials, and Shockbyte’s Git index file, were all leaked.
Minecraft server provider leaked source code
CyberNews says that attackers who exploited the vulnerability could not only manipulate the company’s website, but also subsequently migrated to game servers hosted by Shockbyte, thus manipulating the code running on the Minecraft servers and Gamers were directly affected.
Other concerns are that attackers could modify the code to skim payment information or install malware.
The leaked token had already expired, but attackers could use this and other leaked information to discover how the website operated, potentially gaining access when the website was updated.
Shockbyte told CyberNews that it has taken measures to acknowledge what it called “mistakenly deployed .git directories”. The company did not immediately respond techradar proRequest for comment on how this happened, and what steps are being taken to protect customers and prevent future attacks.
CyberNews said: “Given the rapid growth of the gaming industry and its growing dependence on server hosting providers, the security and privacy of users should be a top priority for companies operating in this sector.”
Those potentially affected are being urged to access their accounts exclusively in secure environments where cookie attacks are not likely to occur. In general, the advice to use strong passwords and two-factor authentication (2FA) still stands.
