Contact, Twitter, Login/Register

Update On The Nexus Mods Security Issues

in News
The Nexus Mods security issues seem to be mostly solved

If you don't know what I'm talking about and want the full story head over to this article I've done yesterday, but long story short there was reasonable suspicion that Nexus Mods may have had a security breach and that user passwords were in danger.

Luckily, the problem was much smaller than expected though there was a security breach back in 2013. So if you haven't changed your password since July 22nd 2013 make sure you do so as soon as possible, even though it doesn't appear that anyone has gained anything of value out of the stolen database. If you're interested in specifics read on.

All of the information comes from a post by the Nexus Mods founder, Robin Scott, on the website itself.

First of all, here are the details of what exactly happened:

"I am now in possession of the database dump, that was first reported on Reddit, via university security networks, and I can confirm several things. First, the database dump is "old", with the last member in the database having registered on July 22nd 2013. If you're one of the 4.2 million users who registered on Nexus Mods after this date, your details are not included in this database dump and are therefore considered "safe". Second, the database dump isn't a complete database rip. The dump contains user IDs, usernames, email addresses, hashes and salts, and that's it. It does not contain cracked passwords i.e. anyone with access to the dump would need to attempt to crack the hashes and salts themselves in order to get any sort of use out of them on the site."

If you don't know much about information security a password that is both hashed and salted tends to be very hard to crack as long as the passwords themselves are even reasonably complex. While it would take a while, no security is perfect and if someone was persistent enough they could get to the passwords which is why its suggested you change your password as well as ensure that you use a unique password for every major account you have (Steam, Facebook, Google, etc.).

The second important thing to note is that the stolen database is old, it dates before July 2013 meaning that whoever did it doesn't have access to the now more secure database, otherwise the information would be much newer. So if you have a new Nexus Mods account or have changed your password in recent years odds are you're completely in the clear. But as above, do make sure your accounts have different passwords so even if the worst case imaginable happens you lose nothing at all.

And finally, in regards to the three Fallout 4 mods that had new .dll files added to them:

"My previous news post also mentioned three compromised mod author accounts that had uploaded a suspicious file in place of legitimate mods on the site. I have been in contact with one of the owners of the compromised accounts personally, along with another individual who I know was compromised recently, and both were using extremely simple passwords. Passwords that would take a simple cracker mere seconds to crack. This helps to confirm that whoever is using this information is going for high-profile, but extremely easy accounts to crack.

To my knowledge, we have not seen any further suspicious activity in the file database at this time."

The mods in question are: Higher Settlement Budget (downloads from 5th December), Rename Dogmeat (downloads from 4th December), BetterBuild (downloads from 29th November). So if you have downloaded those mods recently make sure you delete them and change your passwords. The nature of the added file is so far unknown but there's no reason to take risks with it so act as if it was malicious.

And that is it, it would appear that this small crisis is now over and everyone can go back to installing "Immersive" facial animations back in to their Fallout 4. Its nice to see a happy ending.

Looking for more?