Last year, 126,000,000 Minecraft accounts got hacked. This was absolutely insane.
This video explains the Minecraft Session ID exploit, one of the most dangerous bugs in Minecraft's history. I'll show you how it works, some YouTubers who were affected, and Mojang's response. Watch until the end, this story is unbelievable.
clips used:
• Griefing and ruining a...
• HBtv and DeadBush (Tim...
• Mineplex Hacking: Usin...
L
Yes
@@andyplatosh5689 hey
Beluga
already dide
This hits hard for anyone who's had their Minecraft accounts hacked before
Hits more hard when I realize how much time you spend on KZhead via commenting Do you have a life?
My account are getting 3 times per day by diffrent people
It was, until I got it back.
Eyy found you
Bro I see you everywhere lol
*Mojang:* Let’s make the Session ID public! *Hackers:* Good idea!
Hacker: I'm gonna now mess up popular KZhead's server
69 YESSS
Mojang: let fix the session hack. Hacker:NOOOOOOOoOOOOOOOOOO
*we do a little trolling*
@@iameveryoneshomie2977 not my homie 😤
Somewhere before today, my friend abused this glitch and decided to use it just for his funny pranks while also shipping george and dream. I hated it.
Also, my friend used t-launcher to put my name in it, it actually logged me out.
Oh.
Just access his acc back it's that easy
@@StageKZhead naw, i'd ship george and drea- /j
Lucid dreamer > minecraft documenter > discord maker
He likely still lucid dream likely of getting of getting some bitches
Downgrade
“It affected every single registered account, including yours” Me who didn’t have PC Minecraft back then: *fool*
Me, who didn't even PLAY minecraft: XDXD
Me too
@@thishandlesucks-webcookie do you have mobile? If then I have a video that can get you free mcpe see my vid on this channel or in the channel @G F L 999
I didnt even have minecraft Java either :D I was using minecraft education edition and I still am.......
Same lol
People not having a Minecraft account but still playing on crack: *you fools, i dont have such a weakness*
PLAYING ON CRACK?
weakness is a joke.
@Alejandro Huertas Téllez umm maybe I use that lol (im poor plz)
YES, LOL
Haha ez TLauncher go brrrrrrrr
Aw man seeing this 2 years later and seeing the old mc launcher makes me feel nostalgic
The old Beluga...
Yes
Beluga: “Everyone’s account got hacked even yours.” Me whos account didnt get hacked:
They can hack your account, but still they don't care so they didn't.
@@Dullification they cant hack a account that dont exist
NO one care a useless acc because you don't have coins 🤣🤣🤣🤣
@@dragondesabysse2258 lol
@@dragondesabysse2258 let me off this planet please
Single player: *vibing* “LETS GO!”
I AM invincible BY THE POWER OF LONLINESS!
@@MelAegis pretty sure he means he doesn’t have an account, and is just vibing alone
@@MelAegis you got asession id when you logged in a server if you dont get session id you cant get hacked (or I may have just not understood something idk)
@@isaacanimates1890 oh lmao
@@valakivalaki5798 *Understandable, have a great day.*
i kinda wish beluga made more videos like this instead of shitposts
Same.
As someone who works with bug hunting daily, I'd say that: 1. No - you won't get access to someone else's sessionID by knowing their public IP address. 2. I see this all the time. The part with a "legacy" or an outdated authentication process is used for authentication. Sure, blame Mojang, they could've thought of it. But in the end, it's human error to make mistakes c: 3. The last part about a "back door into every single minecraft account" does not exist. I think you refer to an account takeover and in this case, they made something called a "Session Hijacking". A backdoor is if an attacker were to be able to gain a reverse shell to a website for example. That's one back door as he didn't need to use SSH to get access to the webserver's internals. Just an example :P Wish there were more technical details that I didn't know of in this xD But still, great job with the video! ^^
Wow this isn't even like, people falling for a scam or anything, this is just hackers completely taking over a loophole in Minecraft's own code and ruining the accounts of innocent users.
1k likes soon? 4 now
" the dark side of the force is a pathway to abilities some consider.............. unnatural.."
If only one of them turned to the light side and began combating them
@@gameseeker6307 that wud be the devs
that same mesaage pop up on when i was on Hypixel
Never imagine to a minecraft documeter to becoming a discord maker
Lolz same
Yeeee :)
Ikr
=T
Same
I wouldn't object seeing Beluga make more videos like this
1:38 had me cracking up 🤣 "Change your email"... well how the f**k do I do that?
Other Channels: “Only 1% of the viewers is suscribed” Beluga: “Only 1% of the viewers is female”
I am a 1 percen
But the real question is... why does he know tat
SUScribed. damn.
@@dererstaunlicheanomalefuch6861 it was a joke actually
@@sierraapples8099 Actually no, there is an option where you can see everything: how many male or female and who are subscribed while watching the video etc... But they just edit it and make less percentage
POV: you’re on bedrock edition
U mean bugrock
Very nice video I enjoy the discord videos too but you should also do some more other types of videos
Some people just want the world to burn, thinking they’re fireproof
I’m gonna yoink this
10 on 10, would repost somewhere again
Didn’t the guy from Batman say that
@@paratoxicalcapybara3939 "the guy from batman"
@@lolxd7753 yeah that’s what he said.
Beluga: “Everyone’s account got hacked, even yours” Me who never had a Minecraft account:
This is underrated
Same lol but I have a tlauncher accouny
@@billionairexd4977 Me too
@@ariel.notsane ye imagine working hard making money buying minecraft but it gets hacked the other day :/
@@billionairexd4977 :0 that would be awful and a waste, but imagine getting that money from your parents after begging them for 2 hours! You'll get a 5 hour lecture plus no Minecraft
For anybody wanting to know the music being played at 3:25 in the name of the song is Wonderful World remix by DJ quads the very same DJ quads that made Anniversary song Aristotle which was in a Minecraft Modpack
This is so different to a normal Beluga video on Discord.
not exactly sure why this was in my recommended, but i think you're about to get a huge spike in views due to the algorithim
SAME LOL
Too true, this will probably get 1 Million+ views
same and since hypixel is getting ddos attacked
@@porknchops26 yeah
Yup
I once had that message pop up in red while I was chillin out on bedwars. Thought I was gettin hacked so I kept logging on and fighting back with the supposed hacker. Turns out, my WiFi is just so bad that it made a fuckin CLONE of myself that was 10 seconds late so I was just fighting back with myself lmao
Epic
Truly
Wait wha--
what country are you from
I also have trash wifi
Oooofff! I think I had my MC account just a few months later... R.I.P., 2b2t MC bases...
Good example of why you should backup your server regularly.
“It affected every single registered account, including yours” Me who wasn't even playing Minecraft that day: lol
as he said they had to know only your nick and you didn't have to be online
True
I wasn’t playing it that year :)
Me :doesnt even have minecraft…
My account is not hacked
Minecraft accounts: *getting hacked* People who pirate Minecraft: I don't have such weaknesses Edit: changed possess to have
i don't have said weakness either
I have a friend who pirates video games, he also pirated minecraft
Same
I know this is a joke, but I couldn't resist... If you pirate Minecraft, you are "hacked" by design.
@@GrzesiekJedenastka well yes but no cuz there is no account to be stolen but you downloaded a free launcher that could have a virus
only if beluga continued these videos instead of making the same cringe joke 92649 times
It's a good thing I didn't know Minecraft java or servers existed when the accounts got hacked. I only played bedrock and pocket edition.
Beluga: “Everyone’s account got hacked even yours.” Me who got Minecraft on pc 1 year later: *happiness and sadness noises*
people who never play online: happiness
Like the minecraft piano music happy and sad (:
@@bryanbrathwaite couldn’t they destroy their single player world?
@@chippedtile no
@@jessveness oh ok
"Only 1% of my viewers are female" I suddenly feel personally attacked for being a female watching this lol
don't worry, 1% of the views currently as I am writing now are 16362.62 females, not bad..
You and me both
Me suddenly: Why am I here?
Every guy is watching you
@@gal-vz2ej I used to have like, 99% male now it's all female due to a single vid I made
ngl, I feel like everyone (including me) misses these videos
This never happened in my Minecraft worlds before. But one other world of mine glitched of terror
“Yeah sorry I’m getting hacked can I call you back?” Got me 😭
You're not that youtuber-
Silly brett
Yea he was just excited like that one time when I played mw2 and everyone got everything in the game
timestamp?
@@robrit5301 like 1:45
The reason why Hypixel admins (and YT accounts) couldn’t be hacked and joined from another location was 2FA. It’s just that a lot of YT accounts didn’t have 2FA enabled
2FA was not added when the hack happened. And even if Microsoft account 2FA existed, the YouTubers would still be using Mojang Accounts and not Microsoft accounts, thus not allowing them to have 2FA. As far as I know, 2FA did not exist for Minecraft Java edition accounts until late last year. And even if 2FA was enabled, the hack involved session ID which was not related to the login details. As said in the video, the Hypixel admins probably just banned themselves through the console and disabled admin commands when this hack was a thing. Please watch the video before making a comment that relates to the video.
@@mrscam6173 hes talking about 2fa on hypixel some youtubers and admin gotta write a password when they join hypixel
@@mrscam6173 This 2FA is coming from Hypixel themselves, not Microsoft/Mojang. If they banned themselves through console and disabled admin commands, there would be no server moderation.
@@Destructotz this is extremely true.
@@mrscam6173 I did watch the video all the way through. As @LoggenOut YT and @Evan Nguyen said, Hypixel had its own 2FA system. It works by tracking the IP of those who have it enabled and then not letting them join if it is different (unless they have a 2FA code). The reason why you may not have heard of this is because it is only available to YT accounts and then to staff (I’m not sure what levels of staff had access though). The Hypixel admin team has stated on countless previous occasions of players asking for 2FA that regular players don’t have access to it so that the staff team doesn’t have to spend time helping all the people who lost access to their account.
i would probably mess with people on servers (no severe griefing, just trolling). Like making a massive diamond block cube in bedwars out of bounds or giving people saplings in lobbies.
@Beluga I keep rewatching this video, I love this style of video!! please make more like this!!!!!!!!
I think they cracked the way session ids are generated. As an ethical hacker, sometimes "random" is not really random. It's just "chaotic". And knowing how session ids are generated in the backend you can just predict any valid session id for any users
Wait,what??
I want to be you
True, knowing the "logic" at the backend you can generate them and a few might be valid, and looking at the big numbers of accounts out there a lot of them must have been. The more the accounts the more chances of getting a valid id.
And yes you could predict them too, just have to reverse engineer the backend "logic" a bit or you can randomly generate them with help of an automated tool and check them.
definitely a possible answer, just find the pattern really at that point
"Everyone was hacked" Me who made my account after the attack: I have no such weakness
i had the same problem around 4 months ago
so true
i have my account since 2014
Me who never had java:
@@overlyaverage1 same lol
I would log onto Hypixel as Technoblade, then use an auto-relog module to prevent other people from using the account on Hypixel out of respect. I'd probably also send a few friend requests and add myself to his guild, if I'm honest...
Bro I didn think that beluga could post such a serious video
As a cyber security student, I would literally yell at Microsoft's security team and maybe get to publish a CVE. To put into perspective, it's basically accessing your YouTube, Twitter or Google account without a username or password. Granted, I think the people that got affected either got phished or the hackers pseudo-guessed the hash for getting session ID. Either way, it's really, really, really bad that it happened. Glad it's at least fixed or deprecated.
Yes!
This is before the Microsoft Account migration, blame Mojang Studios
I wonder how many people hacked servers with insecure admin commands, if it happened at all. Possibly some DOS attacks came of this.
@@itdepends604 it really isn't insecure admin commands, more like admin credentials, and given that there are bots/scripts that scan the internet, there is the occasional hit. If you're curious look up: "how do botnets work?" or "how do C2 servers work?"
@@WeatherWX but there must have been at least one server plugin that trusts the server admin more than they should?
I never thought I'd see the day where Beluga makes a serious video lol
this was an old vid.
When i watched this i didn’t even know it was from beluga
lol
@@calebfv ME 2!
old video
i wasn't your biggest fans when you were uploading discord videos but i really love this type of content keep it up
a way to stop this is to add a login plugin or thing so you would need a password to access that server
I think I'd log into Technoblade's account and farm potatoes for him eDiT: tHaNkS fOr 3 LiKeS
Lol
Lol
Lol
I would steal them
The war of s over
beluga: makes meme videos also beluga: finally makes a normal video
I lost my hypixel account to this. I was so good too. I had one of the largest carrot farms ever. And now the only memory I have of it is my YT profile picture...
“There is no way to stop them” Hack and log onto their mine craft account and screw it up severely too, if I’m going down I’m taking that person with me
LOL that’s smart
They just acrew you up even more
You don’t know their account
It’s a joke “stupid”
@@hikafallen1306 rude
i could literally imagine those same exploiters raging because they couldnt play on a certain persons account because others were trying to do the same
All thanks to @hack_types on instagram who helped me to recover my discord account, I recommend all of you to him is the best I've ever seen
dont believe guy above me
@@eric_toolz9865 LMAOOOO
hmmm there was a similar situation in Poland, two YouTubers were involved in situations with keyloggers.
This may be my favorite video of yours! If I had the chance to log into any account I would log into the account of the Dutch Minecraft YouTuber Dodo and walk through the maps of his survival roleplay's he did over the years. And I would leave a sign with some nice text. I wouldn't make any serious damage.
“Every single Minecraft account in existence” Me who plays bedrock : INFINTIE POWER
Also you who plays bedrock: NO PC
@@springlio6441 bro you can get bedrock on a pc
@@springlio6441 bedrock is on pc also
@@FishyExists yea and the PCs who get Java edition is specific
Same
Beluga: talks about how horrible the exploit was and how tragic Also Beluga: Explaining what he would do if the exploit was still available
HAAHHHAHAHHAHAH
yes
I would do the same but instead of messing around I will chat with the others as dream, I’m just lonely lol
@Beluga i never thought you would make a video that's actually serious, but so interesting!!
I remember this, my mom wanted to learn how to play Minecraft because she said it looked fun, so I was teaching her on my server ( a small smp with my friends, and then a hacker got on blew everything up, and then banned everyone
"Everyone's Minecraft got hacked, even yours." Me who has Minecraft PS3: *I have no such weaknesses*
Me who had Xbox but didnt hacked
X2 i play minecraft in ps3
Me chilling on Minecraft Education Edition 😎😎
Me who plays with ipad single player
I have ps4 no psn network lol so Im basicly only playing in single player mode lol
Funfact: It was Hecker all along
😮
Worst part is that he didin't even remind the people what thier passwords were
Yes…
@@Marlin123 lol
THE LORE 😯😯😯
Beluga has changed so much channel-wise
Man I wish he made videos like this, these were cool
Wait, this is the funny "Discord Mod" meme guy? Damn this is some good content
i just noticed, too
What a genre change
omg i just realized!
Hes also the lucid dream guy
This isn’t even his main channel!
“tell me what you would do if it happened again” Sorry bro, but I wouldn’t do anything because I have a sense of morals
Why the hell do you have Nord VPN as pfp?!
@@Saikmuu he's a living sponsor, leave him be
Well i dont really play minecraft anymore soo
@@GiammiTheBest it’s how I get my cash ( ͡° ͜ʖ ͡°)
Same
I remember watching this, I thought it was made by a popular youtuber, amazing editing skills.
Beluga we need more of these vids
THIS IS WHY MY FRIEND MET MRBEAST IN DUELS!!!! IT MAKES SENSE NOW edit: for people saying it was a nick, we checked a website, his last login was the day he met him lol
ohhh
oh gosh
Wait wahhhh, whenn
Or they did /nick
@@Teegste thats not how /nick works
I feel like there should have been a way to temporarily disable an account and it can only be reactivated by entering username and password
oh yeah like how discord does it
@@cardi1783 except without the phone number, I’ve been locked out of 2 accounts already because I don’t have a phone and phone is required for verification in discord
your picture is off of google images...
nice profile picture
Im sure all big servers have backup worlds so if this happens after it gets fixed they can just swap it out
i've watched this like back in 2021 and never thought it was from Beluga :)
Meanwhile, the 3rd world country players who use pirate Minecraft: They called me a madman.jpg
wheeze
@@misty6950 Slash wheeze?
@@octavio675 that was meant to be just wheeze lol
@@octavio675 who tf is dat
Yeaaa,i dont even have a mc account (but somehow someone shared his with me lol)
I remember watching this without knowing it was Beluga or even who he was.
me too lol
yessssssss
SAME
Same
Me too
The song you used in the intro, what is that tune called?
I would use it to login to a famous server like hypixel and just see behind the screens admin/owner chats and anything out of bounds and just see how things were constructed/put together
Beluga: “Everyone’s account got hacked even yours.” Me happy to have a friend
Hello! How are you? If you need someone to listen, someone to talk to, or a friend. I am here to talk, listen, and be a friend. I hope you are safe and well. Know that you are amazing and have rights as a human. I am very sorry for anything that seems bad that may have happened in your life. I want you to know that you are incredible and are capable of wonders. What matters is your inside, not your exterior. Love yourself and cherish yourself. Words cannot explain how astonishing you are. You deserve care, love, and happiness, don't let anything make you feel otherwise. Please have appropriate action for anything that you know is wrong. Anything that seems bad or wrong in your life right now will get better. Please don't do what is wrong, fighting back and harming others will not solve the problem. Please understand that and do the good thing. It will one day come back to you. The people in the world are so much more than what we know about them, not everyone opens up about the beautiful things and acts they have witnessed, not all those amazing doings are acknowledged. Please understand that and know that. If you feel like no one cares about you, know that I care about you. Keep your head up high and never give up! Together, we can be a better community! Stay safe, healthy, happy, kind, understanding, positive and strong!
@@emaanahsansarfraz1940 e
Bruh me uses tlauncher
@@emaanahsansarfraz1940 Internet commenters have started writing digital novels now?
I dont have a minecraft account
Beluga: "There is no way to stop them. Me: Go onto single-player
Play on Bedrock
Me: has a slow wifi
Happy when I saw the upload date cause I just downloaded Java Edition!
@@zakem the hack is still working
@@terrainiyw1546 wait wut
This is so much better than his new content
I would go on Mumbo Jumbo’s account since he’s not playing much at the moment and I would log on to the hermitcraft amp
If I could log into anyone’s Minecraft account I would log into my account.
bigger brain
how could you
imagine logging into your account
Wish i would have one
lmao
when salc1 becomes fitmc
I was tripping lmao
Lololololololololololol🙃
“The earliest lawless server in cave game” - HealthyCaveGame
yeah fitmc hacked salc1
I had the same situation, it said login from another location, before that it sent me back to the lobby and in the end I took a new account
There was a live youtube stream of a very popular youtuber. He was playing with his friends when this infamous tragedy had happened. However due to his excellent security system, which was revealed during this period and he had to make it more better, he wasnt hacked. It basically gave us a hint that no one could ever hack him...
1:00 FitMC is actually just SalC1 confirmed
Funny
lol
I was about to say bro that caught me off guard 💀
@aRctic they have such different voices mannnn
People who play on bedrock edition: I am 4 parallel universes ahead of you
Yes
Yes
@netherite sword there's no software that can hack bedrock accounts
People who play on Minecraft EDU: I am 16 parallel universes ahead of you
Me with PIRATED minecraft: YOU FOOL I AM MILLION PARALLEL UNIVERSES AHEAD OF YOU!
Honestly, I'm pretty lucky i didn't get affected by this, and it's pretty shocking to see a lot of people being affected by this though back in 2020.
you know whats funny i am a minecraft veteran, but i barley know anything about the game, since i play it like every 3 years
370th subcriber
Soon i am gonna do that too
It's like using the Death Note, but you actually only need to know the name.
So the Death Note plus the Shinigami eyes
so... you would kill everyone with the name "Pop" instead of a certain person?
@@yoral no, it would know which one you want to kill
@@palachu yes but with the shinigami eyes you still need to know the name and face, and actually have seen the face once to know their name
Beluga: Everyone’s Minecraft was hacked, even yours. Me: *doesn’t have Minecraft account until 10/23/21* ok? I didn’t get hacked *1 month later* Me: *got logged out of Account cause of changing password* I will never know
I don't ever remember being hacked
@@cocoliumyt me too
@@cocoliumyt same...
i was never hacked i dont play minecraft that often but i never got hacked
Legacy
I must say, I would log into my friend's account and start messing around with his worlds, but nothing too devastating.
I never knew you can make such a good video and by the way thanks for the info!
3:27 that is freaking scary. Imagine only needing someone's username to be able to get in.
@Meme Maker oi oi mate, my might light bulb survives even the greatest wanker
BAD COMMENT YOUR GETTING HACKED
@Meme Maker I would imagine that the light bulb's firewall isn't great but the router (which is connected to the light bulb via wifi) does have a good firewall
@Meme Maker Having the wifi password wouldn't help the hacker unless they are within physical distance to your router. As long as your IOT devices are on a separate network you don't have to worry that much.
I did that with a minecraft account, just by a username glitch
So beluga: Really funny discord memes, and, Actually really well put together docos Edit: wow 400 likes thanks guys
Yeah this guys a legend
Fun fact nobody even knows my username because I've never been online in 2020 or now also I have nothing also also yes
Yes but i hate beluga pfps thinking they are funny
Can you gift mc account on my birthday
As well he gets like now around 40,000 new subs in a day
I never realized Beluga has made a video of this while speaking
This is scary, glad it's over now.
Plot twist: The people who started all this are watching this video and having a good laugh
Maybe its true edit: no its not me
Another plot twist: your the hacker and your just laughing
"Why you did you do it? Now we both will surely drown" Said the turtle "Lol" said the scorpion "lmao"
Yeah
Wheres the twist. This is likely just a fact
If this hack still existed till' this day, i'd quit minecraft lmao
Yes it still exist,they hack accounts and sell it for 5-20 usd
Why not just use it?
@@crmsonred why would he use 126 million account lol he would sell it so he get money
@@chao1322 i meant to use the hack
U can still come to bedrock LoL
i forgot this was beluga thought it was sunny v2 suddenly
Nintendo Switch: Bro what about me?
yeah i've gotten banned twice on hypixel in the past year (once for 89 days and once for 363 days), and i haven't played in _two years_
Bro same
same
The only time I got banned on Hypixel was nearly 1-2 years ago because I kept making pee pee’s in build battle
Same
My brother got permanently banned from hypixel for some reason.