If you know a little about how Minecraft log ins work, you probably know what a session ID is. It's a special code that identifies your user to servers while you play. Reddit user DONT_SUPPORT_MINPLEX reported that he found a new hacked Minecraft client that allows anyone to login as any player, as long as they have their username and session ID.
The Reddit user reported that whoever made the hacked client was charging $15 for it, but the creator did make a YouTube video (screenshot above). While this is somewhat of a major problem in the way authentication is handled in Minecraft, it's not as big of a deal as you might think.
Session IDs are only created when a player joins a Minecraft server, and they are only valid for about 30 minutes after the player leaves the server. So if you haven't played on a Minecraft server in over that amount of time, you're in no danger.
Still, it's something Mojang needs to address. See the source link for the original post on Reddit.
Source: Reddit
The Reddit user reported that whoever made the hacked client was charging $15 for it, but the creator did make a YouTube video (screenshot above). While this is somewhat of a major problem in the way authentication is handled in Minecraft, it's not as big of a deal as you might think.
Session IDs are only created when a player joins a Minecraft server, and they are only valid for about 30 minutes after the player leaves the server. So if you haven't played on a Minecraft server in over that amount of time, you're in no danger.
Still, it's something Mojang needs to address. See the source link for the original post on Reddit.
Source: Reddit