Nexus hacking

[LHammonds]

The nexus should do one of those hacking tournaments where they ask people to hack their website and if they can they get like $10k.

You have got to be joking. There are professional firms that can run penetration tests to probe for weaknesses in the site code, database and OS....for much less than $10k.

 

Since I'm here, I'll go ahead and reiterate what I said on page 3:

 

I would recommend changing your passwords regardless of how passwords are stored in the database. The database was compromised, therefore, it would be wise to change your password...and please don't use the same passwords you use on other sites.

 

Keep your passwords unique to the site...if you must use a similar password everywhere, find a way to make it unique to each site.

 

Got too many to remember? You might want to use a helper utility to store your info. Example: Portable KeePass

 

EDIT: And if you are getting spam, simply create a new email at Gmail or Yahoo and update your profile to use the new email address.

 

LHammonds

[Gam0rdude]

dang console tards... they dont seem to like mods that much!

damn, im surprized the kid even knew how to spell, let alone hack!

[JimboUK]

I've not got any more spam than usual, I've changed my password anyway just to be on the safe side.

[Deleted1744345User]

I checked my email today only to find some spam for male enhancement. It was just one, but I really hope it doesn't get worse. I already have to deal with spam from Dell and EA games.

[wrinklyninja]

This is unacceptable. You owe it to your 1.9 million users to report this to the authorities. Failure to do so could easily result in legal action against you in the form of a class action lawsuit in the event that this very serious breach compromises more than e-mail addresses. MD5s are easily cracked, personal information is not even encrypted.

 

Maybe such legal action could be taken against Dark0ne and the Nexus sites, but who would be that big a dick - you?

 

Making any sort of move against Dark0ne and the Nexus sites would be irresponsible as a member of the modding community, as it would probably result in the sites going offline (since site costs are high and income is not extra-ordinary, IIRC) and the loss of tens of thousands of mods not found elsewhere, not to mention the loss of a large hub of the modding communities of several games. I'd imagine that wouldn't go down well with the other 1.9 million other users...

 

In this day and age, you've got to be an idiot to put personally identifiable information up on a site which doesn't explicitly require it. This internet is just as much a terrible place as it is a wonderful one, and pretty much everyone forgets that. Just as other people in life are generally OK, so too are people on the internet, but that's an average of the very good and the very bad, and it's wrong to assume the latter doesn't exist/is in the minority.

 

LHammond's been posting about using separate passwords for every site you use - that's a good idea. I personally have 12 passwords spread roughly across three levels of security, ranging from 6 letter passwords (for sites with no personal info) to 30+ random character passwords for my most precious details. I don't write down these passwords, I have them memorised - my web browser remembers some of them (the most commonly used, like my Nexus one), but my computer is passworded and encrypted with the strongest of my passwords, and I never leave it unattended, so it's not really an issue. I also have about 10 email accounts I use regularly, most independent and used for different things (eg. I have one specifically for modding).

 

Practising such careful computing is a much better solution to such a problem as this than class action lawsuits, seeing as it's a preventative to personal damages in the first place.

Edited December 11, 2010 by wrinklyninja

[XTR3M368]

I had some new spam emails but they just get added to my growing "block domain" spam list. Some of them had standard domains so I just added them to the "block senders" list. I don't want to block yahoo lol. I figure a couple of more days or weeks and I will be back to getting hardly anything.

 

To those of you getting all up-ity about this.

#1 It wasn't Dark0ne's fault.

#2 He apologized profusely even though it wasn't his fault.

#3 This is hands down the best modding site out there period....don't do anything to jeopardize that please.

 

Going after what probably will end up being a pimply faced loser teen-ager with no real life using their parent's account (without their knowledge) doesn't sound like a good use of resources to me. I am doing as LHammonds suggests and moving on. Threatening the Nexus with a class action is lame. Count me out when and if anyone is looking for people to join that kind of crap. I will have a finger all ready for you. Guess which one. ;)

Edited December 11, 2010 by XTR3M368

[Dark0ne]

I'm well aware of my obligations; imagined or not.

[Deleted2197662User]

You just got told?

[SylvanRuin]

(gasp) whats going on? mischief?

 

those silly little monkeys are causing trouble, you just throw a peanut, they go get it. Oo-ah. Monkey talk works too, you say oo-ah and they go oo-oo. Just dont say ah-ah they be sensitive about the ah-ah!

 

OH NOES!!.......it was a peanut.

[rhystel]

Password changed and thanks for the warning Dark0ne