If you have not heard about it already, there is a new OpenSSL Security Vulnerability which has been discovered over the past few days. This vulnerability, labeled “Heartbleed”, allows an attacker to gain access to an affected server without leaving any traces of being there. This means that an attacker could access a server and access the account information for all user accounts, and the owner of the server would never know that anyone was there or that user accounts were accessed.
For more information on Heartbleed: http://heartbleed.com/
Among many other popular sites like Facebook, Gmail, Netflix, Dropbox, and Box.net, Mojang was also affected by the Heartbleed vulnerability. This means that your Minecraft/Mojang Accounts are potentially at risk. It is critical that everyone change their Minecraft/Mojang account passwords immediately to avoid malicious access to your account.
As previously mentioned, Mojang was not the only site which was vulnerable to Heartbleed, refer to the following link to see if any other websites whom you have an account with were vulnerable to Heartbleed and change the passwords on any affected accounts. In addition, you should change the password on any account which shares a password with a vulnerable site. For example, Facebook was vulnerable to this attack but Amazon was not. If you use the same password for Facebook AND Amazon, you should change BOTH passwords.
List of popular sites and whether or not they were affected by Heartbleed: