The stolen-account economy
There's an entire market for hacked Minecraft accounts: credentials from database leaks get checked against Mojang/Microsoft auth, working logins are bundled and resold on alt shops for cents apiece. The buyers are rarely well-intentioned — a stolen account is a disposable identity for ban evasion, griefing crews and bot fleets. And because it's a perfectly valid premium account, online-mode authentication happily waves it through.
How detection works
- Flagged at the edge — every joining account is checked against continuously updated intelligence on stolen and credential-leaked accounts, at the PoP, before the join reaches your backend.
- Kicked with your message — flagged accounts are disconnected with a configurable kick message. The default tells the real owner their account seems compromised and how to secure it.
- Whitelist for exceptions — up to 2,000 player names per network bypass the check, for false positives or accounts you've verified yourself.
- One toggle — it lives in your network's antibot section. Turn it on, customize the message, done. Every PoP enforces it from that moment.
Punishing the thief, protecting the victim
Kicking a stolen account isn't just defense for your server — it's the only moment the real owner actually finds out. Most people whose accounts are farmed on alt shops have no idea; the kick message is often the first signal that tells them to change their password. Your server stays clean, and somewhere a player gets their account back.
It also closes a hole that nothing else covers: AntiVPN classifies the connection and the verification gauntlet proves there's a human — but a patient human on a residential line with a stolen premium account passes both. This check follows the account itself.
Availability
Stolen-account detection is included on Essential ($25/mo) and up — see the full plan comparison. It's part of the same edge pipeline as the rest of the antibot stack, so there's nothing to install and no plugin to configure.
Stolen-account questions
What counts as a stolen account?+
Accounts flagged in continuously updated intelligence on compromised Minecraft accounts: credentials exposed in leaks, accounts being resold on alt shops and cracked marketplaces, and accounts observed being traded as bot or burner stock. The flag follows the account, not the IP.
What does the kicked player see?+
Your configured kick message. The default explains that the account appears compromised — flagged as stolen or with leaked credentials — and tells them to secure it (change the password) before reconnecting. You can fully customize the wording in the panel's messages section.
What about false positives?+
Every network gets a whitelist of up to 2,000 player names that bypass the check — one click from the connection log to add someone. And once a real owner secures their account, the flag clears as the intelligence updates.
Does it work on offline-mode servers?+
It's built for online-mode networks, where accounts are real Mojang/Microsoft identities that can actually be stolen and resold. On offline-mode networks the concept doesn't apply the same way — lean on the verification gauntlet and AntiVPN there instead.
Which plans include it?+
Essential ($25/mo) and up, including Value and Enterprise. Turning it off or editing the whitelist is always available; enabling it requires the plan feature. It's one toggle in the antibot section of your network.
Create a network and flip the toggle — flagged accounts stop at the edge from the next join onward.