Mojira Archive
WEB-2089

Mojang Account Exploit

There is currently an exploit with Minecraft accounts where you can turn an NFA account (one you have the login to, but don't know the security questions) into an FA account (know the security questions and can change the email).

I've been following the scene so far and many people are doing it and monetizing it.

This shop https://bombalts.com has been doing it. They've set up an automated program and purchased thousands of account logins to do this. They own the domains:

https://www.13mail.xyz (primary theft source)
ekmail.xyz
iqumail.icu
jymail.pw
poilmail.pw
qsfmail.fun
xmailo.pw

They've set up mail servers on these domains using some kind of software; you can access the mail login by going to https://bombalts.13mail.xyz and if you know the email address you can log in without a password. They've taken thousands of accounts and used the exploit to turn them into MFA (Mail Full Access) by successfully gaining access to the security questions, changing the email address of accounts to their domains (13mail.xyz primarily) and then selling them later to their customers.

I don't exactly know how the exploit works, but there is also another similar exploit where if you guess one of the 3 security questions you can get access to the account. I have personally confirmed these exploits exist and many people are losing their accounts. You can read about people being affected here:

https://twitter.com/Ahealias/status/1249089229348536323

https://www.reddit.com/r/HowToHack/comments/fye684/not_sure_if_this_it_the_right_place_but_seeking/

The emails that they are being migrated to are randomly generated.

I would like this fixed as soon as possible because I was personally affected and my account was stolen as well. If possible, I would also like to remain anonymous and hope that this report is enough.

Duplicate

xe

[Mojang] Web Team

2020-04-13, 06:47 PM

2020-04-16, 05:19 PM

2020-04-16, 05:19 PM

0

0