The same hacking group that took over Mark Zuckerberg's Twitter account said on Tuesday it had found a way to break into accounts connected to the hit game Minecraft.
Later on Tuesday, Microsoft, which bought Mojang two years ago, said it had fixed the issue.
OurMine didn't revealing details behind the hack. The group said it worked by stealing the Internet cookies from the site, which could be used to hijack any account. All that OurMine needed was the victim's email address.
To test the hack, IDG News Service created a user account on Mojang, emailed OurMine and asked the group to break into it, which the group did. To show proof, the group renamed the user profile to "OurMine Team."
The hack could have allowed the group to change the account's password, too, OurMine claimed. But the hacking team said it has no malicious purpose in exposing the vulnerability.
"We found this exploit because we don't want other hackers to know it," the group said.
The hack targeted the user account system that customers rely on to access the PC and Mac versions of the game. OurMine said it would reveal the entire hack to Mojang once the developer contacted the group.
The hackers have offered little information about themselves, but they've become best known for taking over the social media accounts of high-profile tech executives, including Zuckerberg and Google CEO Sundar Pichai.
In emails, the group has said it merely wants to help the public become aware of today's cybersecurity problems, including the use of weak passwords.
The Mojang hack highlights the vulnerability of Internet cookies, which can store information like site preferences or user account credentials for site authentication.
If those are stolen, a hacker can use the cookies to impersonate the victim's online identities. Security flaws in browsers and credit-card sites have exposed cookies to easy theft in the past.
In OurMine's case, the hackers somehow cloned Mojang's user account site as a way to extract the cookies. OurMine says on its website that it sells services where it will examine a user's Internet accounts and websites for weaknesses.