A Minecraft Migrated Account Session Vulnerability Security Advisory has been published by Team Avolition in which a method to exploit “migrated” Minecraft accounts is revealed. In their advisory, they mention that this vulnerability needs to be fixed on the authentication level by Mojang Specifications as it cannot be resolved on a server locally.
According to comments on Hacker News, notch said that he took down the auth servers until they’re fixed.
UPDATE: the fix has been applied successfully and the auth servers are back online.
