Update: Microsoft clarified in a statement to The Guardian that none of Mojang's servers were compromised, meaning that the leaked passwords and usernames were the result of an unrelated hack.
"We can confirm that no Mojang.net service was compromised and that normal industry procedures for dealing with situations like this were put in place to reset passwords for the small number of affected accounts."
"When we discover lists of gamertags, usernames and passwords posted online, we take immediate action to protect our customers by reviewing for valid credentials and resetting account access when necessary."
Microsoft's statements will no doubt reassure users concerned about the safety of their accounts.
Original story follows
A plain text file of over 1,800 Minecraft usernames and passwords has leaked online. At this stage, it is unclear as to how the details were obtained, or if the leak itself is a precursor to a much larger attack targeted at Minecraft.
The details available in the leak (which has been posted to Pastebin) allow anyone to log in to a legitimate user's account to download and install the full version of the game. More worrisome is the fact that the hack exposes the affected users to more malicious attacks if they've reused the password on other services.
According to security researcher Graham Cluley:
"Quite how criminals managed to steal the credentials for so many Minecraft users isn't clear. Possibilities range from simple phishing attacks, keylogging malware stealing players' details as they log into the game, or even a security breach at Minecraft itself. (Let's hope it's not the last one – because the game has over 100 million registered users)."
"And although some 1800+ usernames and passwords have been published online, there's no guarantee that whoever gained access to them hasn't got a whole lot more in their back pocket which they haven't chosen to release to the rest of the world."