So, a rather unfortunate bug on the Minecraft website.

Minecraft allows you to change your name every 30 days. I was reverse engineering their API so I could use it personally.

On the username change form there are two fields: your desired username, and your password.

To protect myself from actually changing my name, I purposefully put in password123 so that it would fail. Then, I clicked "Change name" to monitor the network traffic.

Well that's when two unfortunate things combined.

#1: I used my last name to test. It's a unique word that is relatively short and very easy for me to type out of habit.

#2: That password field doesn't actually get validated.

So imagine my shock when I clicked "change username" and it WORKED.

And now my username is doxxing me for at least 30 days + the permanent name history


  • 15
    You should contact their support abt both things, who knows how many other invalidated fields like this there are, plus they can remove it from history
  • 4
    @frogstair I did, I hope they are able to help.
  • 13
    Change your skin to nude old man and own it for a month.
  • 4
    Minecraft support and security have been garbage, historically.

    I'd quip about it but my thumbs are tired and I hate typing on mobile.
  • 0
    Any updates?
  • 1
    @frogstair they changed my name a few days later but kept the history. Oh well.
Add Comment