Turns out there is an exploit in the Mojang authentication system that allows a hacker to use your username on ANY MINECRAFT SERVER, EVEN ONES IN ONLINE MODE. This hole stems from a flaw in the migrated account system. Migrated accounts will require an email address to log into Minecraft and if you have not done this, you are safe.
Standard authentication via Mojang’s servers is disabled until further notice. Secondary login via the /login command is the only way to log in. If you do not have a password, contact the administrator at ngminecraft [at] gmail [dot] com.
To see the documentation on this vulnerability, click here.
### TO USE OFFLINE LOGIN: ###
- Log in. You will spawn in a bedrock jail.
- Use /login <your username> <your password>
- If it worked, you’ll see “Info: Access granted – offline authentication successful”
- Otherwise, contact the admin.