Database Breach - An Update

[ZedLeppelin]

In response to post #31726705.

lcars84 wrote:

I tried to change my password multiple times but when I submit the new password, it sends me to a login form while I'm stilled logged in and doesn't let me change the password.

 

I'm also redirected between secure and unsecure connections and those don't share the session cookie so I end up being logged out.

 

I don't have this problem with any other site but this one so I'm gonna assume that you have more problems than "just" a stolen database.

I had zero problems changing my password. If you can't manage it via your account profile, then log out, and instead of logging back in, use the "Forgotten your password?" link to reset it that way. Good luck! Edited December 9, 2015 by ZedLeppelin

[ZedLeppelin]

In response to post #31699195. #31709590, #31710865, #31717215 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers. Edited December 9, 2015 by ZedLeppelin

[ZedLeppelin]

In response to post #31714675. #31724210, #31725155, #31726105 are all replies on the same post.

SirPhoenixBlood wrote: i think the site might be infected i got a redirect to a mailware site on a Fresh boot pc that was rebooted a day ago (full reinstall of windows) so i know i dont got any virus or mailwear on my end but the site it self keeps sending me to some site caiming that my firefox needs to be updated when i just installed a New firefox fully updated

SirNesta wrote: I think your PC already got a malware :/ The site is completely safe and i never had any abusive redirection or that kind of stuff.
Try to scan your pc with your antivirus and malwarebytes for exemples.

I'm french so... sorry for my bad english ^^

rambojambo21 wrote: Use Chrome

ZedLeppelin wrote: You say a fresh windows reinstall, but that begs the question... Did you format your drive before the reinstall? If not, any virus/malware that was on your PC prior to the install, could still be there. Also, I've been using the Nexus mods site since 2011, and can tell you I've never gotten malware or a virus from this site. Not saying it can't happen, but pointing out that this is a pretty well run and maintained site. But then, I don't click banner ads. If a banner add interests me, I google whatever the ad is about and get to the content that way. Banner ads aren't under the control of the site usually, so they cannot guarantee a banner ad's legitimacy. And as the other poster commented, try run a virus scan, and if you don't have it, download Malwarebytes (you can git it from download'dot'com) and run that as well. In any case, you definitely have a browser hijacker of some sort on your PC. Good luck!

Yeah, and switch to Chrome.

[ZedLeppelin]

In response to post #31714220.

BomBamBaBy wrote: How safe am i if i changed all my passwords?

I'm no expert, but you should be quite safe after changing all your passwords. Unless your PC is infected by a key logger virus.

[Inboundwhisper]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

+1

[beaunidle]

In response to post #31632815. #31633835, #31640320 are all replies on the same post.

Dark0ne wrote: I promised I'd update you all on the possibility of a database breach on Nexus Mods that I announced yesterday morning and I am here with relatively "good" news.

I am now in possession of the database dump, that was first reported on Reddit, via university security networks, and I can confirm several things. First, the database dump is "old", with the last member in the database having registered on July 22nd 2013. If you're one of the 4.2 million users who registered on Nexus Mods after this date, your details are not included in this database dump and are therefore considered "safe". Second, the database dump isn't a complete database rip. The dump contains user IDs, usernames, email addresses, hashes and salts, and that's it. It does not contain cracked passwords i.e. anyone with access to the dump would need to attempt to crack the hashes and salts themselves in order to get any sort of use out of them on the site.

From this we can conclude a further two things. Firstly, that it's relatively safe to assume that whoever made this dump no longer has access to our database. Why? Because if they did, they'd have released a much more up-to-date dump of our member database. It would make sense they no longer have any access, considering we've patched up a lot of holes, applied countless security updates and switched to a far more secure database cluster system since July of 2013.

Second, if you've updated your password since July 2013, your account on the Nexus sites should be safe and secure, as they will not have your new hashes/salts/password information. If you have not updated your password recently, please do so now as I am now personally confident that there have been no recent breaches of our network or databases. Similarly, if you still use the password you were using in July 2013, or before that date, on any other sites or services you should update them immediately.

I would like to thank the HPE Security Research team who have personally helped me with this investigation and who securely provided me with the database dump as part of this investigation. Their help has been invaluable.

My previous news post also mentioned three compromised mod author accounts that had uploaded a suspicious file in place of legitimate mods on the site. I have been in contact with one of the owners of the compromised accounts personally, along with another individual who I know was compromised recently, and both were using extremely simple passwords. Passwords that would take a simple cracker mere seconds to crack. This helps to confirm that whoever is using this information is going for high-profile, but extremely easy accounts to crack.

To my knowledge, we have not seen any further suspicious activity in the file database at this time.

The malicious file that was uploaded, "dsound.dll", has been sent away to the malware research team at HPE Security Research to find out what it does and, hopefully, spread the word so it can be flagged by anti-virus software appropriately. Once again, a big thank you to the HPE Security Research team. They've provided an excellent service.

While we would like to force everyone to update their passwords so we can be completely in the clear when it comes to this breach, the only way we could force a password update is to make everyone's password invalid on the site and force you to do a password recovery via your email address. While that might be OK for our newer members (who this doesn't even affect), I imagine there are thousands, if not hundreds of thousands of users on this site who have signed up with email addresses they no longer have access to and would, instantly, become completely locked out of their accounts with no way of gaining entry back. So we have a bit of a conundrum in this respect, and I'm not entirely sure what to do.

In spite of the fact we think that we're "in the clear" on the possibility of a recent breach, we're not going to sit back and pretend like we couldn't be doing more. This scare has given us a real kick up the backside, so we're putting aside our work on the front-end for our NMM Profile Sharing at this time so we can focus on some improvements.

In the short-term, we've already begun work on more verbose logging of user actions on the site, especially in regards to logging the IP addresses you login with and use when performing major actions, such as uploading or removing files to the database. This should allow us to more easily analyse and spot suspicious activity on the sites when it occurs. If someone who previously used a static IP address for years starts making wild changes to all their files using IP addresses traced back to TOR, it's safe to say we're going to find that suspicious and will react accordingly.

We're also working on a system that will allow us to notify you, the users, when something as important as this comes up again. As it is, we have the functionality to send "full page notifications" to individual users when we want to make sure a user gets a message. Imagine a Private Message, but one you're forced to view and tick a box saying you've read the message, before you can browse the site again. While we can send these to individual users, we can't send this en-masse to every user of the sites, so we're going to modify this system so I can send out site-wide alerts and notifications for these important matters. You'll know when this system is finished because you will receive a notification (hopefully in the next few days) with information contained in these news posts and a reminder to change your password.

Following on from that, beginning next week we're going to bring forward work we had planned for the middle of next year in regards to our forum system. We aim to devolve more functionality away from our off-the-shelf Invision Board forums and into our own custom coded system that will allow us to have complete control over the member database and login security. Essentially, transitioning away from account security being controlled via the forums to account security being controlled via our own custom coded systems. Not only will this mean you no longer need to visit the forums to change your details, but it will also allow us to implement much stronger encryption of user data, Two-Factor authentication (no details as yet, but right now we're leaning towards Google Authenticator that will allow you to generate secure codes from your smart phones) and lots of our own custom touches that should make things a lot more secure in the backend. Idea being that even if the worst were to happen and another dump was released to the public, we'd make it absolute hell for anyone looking to crack the data.

And lastly, I'd like to thank you all for your response to this mini-crisis. Your words of understanding, support and encouragement, both publicly and via the outpour of private messages I've received have helped to stem the horrible feelings of disappointment in the announcement of this leak and provided me with added resolve to work my absolute hardest to get this sorted. I've said it plenty of times before, but I'll say it again; it really does make a massive difference when the people you're looking to do good by are as understanding and supportive as this community is.

zcul wrote: I think, it's the way of being open for informing the community of any gaps and giving a pre-caution, instead of covering up anything as politicians tend to do. The Nexus team I think are not politicians. So far, thank you for informing us in time, regardless the possibility it could take effect on users or not. Better safe than sorry ... :smile:

ElderScrollsFan001 wrote: very good to know I've chang mine twice scine joining so hopefully all is good

Thanks for the information - any data breach is a unfortunate but I have been impressed by your handling of this situation. Although I joined after the date of the rip, I have changed my passwords as a precaution. As has already been said - better safe than sorry.

[ADragonCalledGeorge]

First of all I wanted to thank you Dark0ne for all your help in making the Nexus what it is today! Skyrim is my favourite game of all time and I love using mods and looking through new mods and watching mod reviews on YouTube etc. Shame I can't make mods myself but I'm nowhere near smart enough. Anyhow, I ran into a slight problem.

 

Basically my account is very very old (2 or 3 years old. At the time I used an alternative email address to my current one since I got a new one after a while and I forgot the password and stuff to that account. I also can't seem to remember this password since I had my PC set to remember this password automatically.

 

I want to change my password and email address but I cannot remember my details so I am afraid I cannot change them. I was wondering what I should do now. I tried recovering my email through the official methods (I have Yahoo!Mail) but nothing works.

 

Any thoughts on what I should do next? I payed for Premium membership ages ago so I would hate to lose that functionality if I make a new password.

 

Many thanks in advance and keep up the great work!! :)

[Aricole]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

+1

[lordmanticore]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

+1

[btgbullseye]

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475 are all replies on the same post.

rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.

JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.

Lokie7 wrote: I second this, entirely. Well said.

Netsplite wrote: ^ +1

ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.

Inboundwhisper wrote: +1

Inboundwhisper wrote: +1

Aricole wrote: +1

lordmanticore wrote: +1

+1