Potential Database Breach

[C0drm0nk33]

I would request that SSL be added to the password change and account creation pages if it's not already there. It's possible that the breach is occurring at the universities by middlemanning the information instead of at the site, this could be avoided by encrypting the traffic.

[Ithildin]

Thank you for letting us know, I appreciate it!

[Baalshazar]

Could this potential virus been in other mods? In my case Fallout 3?

[DarkwaterV2]

So why not force a password reset on all accounts?

[RealmEleven]

OK, about that dead system scan. I went hunting and I think I brought home a buck :)

 

I checked over the system and something in the recycle bin got flagged because I decided to go tank a driveby from some political activist who's been trying to hack through my email for years now (and frankly, I'm getting sick of it). It got bounced by something nifty I did to a browser I won't name here (and nobody would ever guess either). Anyways, Defender reached out and grabbed the payload by the throat. So, I guess that explains the recycle bin. I cracked open hyberfil.sys and scanned that - it came up clean so I doubt anything nasty's made it into memory yet.

 

However, I found the buck hiding in an executable archive - one of the third party programs which is a dependency for a few mods distributed on the Nexus. The appropriate chunk of Avira's log is as follows:

 

Begin scan in 'R:\' <A-Archive-8.1>

[0] Archive type: OVL

--> R:\Drivers-and-Applications\Games\CheatEngine64.exe

[1] Archive type: Inno Setup

--> {tmp}\OCSetupHlp.dll

[DETECTION] Contains patterns of software PUA/OpenCandy.Gen

[WARNING] Infected files in archives cannot be repaired

R:\Drivers-and-Applications\Games\CheatEngine64.exe

[DETECTION] Contains patterns of software PUA/OpenCandy.Gen

 

Beginning disinfection:

R:\Drivers-and-Applications\Games\CheatEngine64.exe

[DETECTION] Contains patterns of software PUA/OpenCandy.Gen

[NOTE] The file was moved to the quarantine directory under the name '50ade5a8.qua'!

 

Please take note, Avira admits that it only found "patterns of" so this could just be some heuristic false alarm seeing as I never intended to run CheatEngine until it had at least 48 hour quarantine and then a nice deep scan. Without running it on a clean system, it's a bit hard to see if it leaves it's paw-prints where they don't belong and, well, I won't be running it now - at least until the dust settles and things get a little clearer (and quarantined scans start coming up clean). Moreover, I think everyone can see why it might be a good idea to quarantine third party software from unknown authors for at least 48 hours before scanning and installing...?

 

Anyways, I hope this sheds some light on things...

[Sarge4206th]

HEADS UP.

Paypal just flagged me that someone tried to access my account multiple times after DL of one of these 3 files. in the last 4 days.

These guys are hunting for financials evidently the access came from the Chicago,IL area.

[IamEmerald]

I have recently had odd things happen with the Nexus site, but I don't know if they are in any way related to the potential breach.

When I open links to random mods and categories, it will redirect me to an ad site, (This last happened a few days ago and I honestly cannot remember what the site was). It was similar to Adfly, there was a bar at the top, something along the lines of "Wait X more seconds before you will be redirected" Each time, I closed the tab before it loaded fully, to avoid popups that won't allow you to close the window itself.

It was weird, and not something that has ever happened to me (Before a few days ago) when on the Nexus.

I've had MalwareBytes block potentially malicious stuff several times while on the site too, but that stopped a while ago.

If that helps, great! If not, oh well.

Either way, thanks for the heads up!

Good luck getting to the bottom of the issue

[masatoishikawa90]

That is why I used a mocked up e-mail purely only from downloading stuffs and avoid using my main e-mail that contains and links personal data, accounts...what if they can find trace and can link to other sources? this is troubling really troubling.

[RealmEleven]

In response to post #31595715.

PJS1488 wrote: Why can't criminal hackers use their skills for the good of society, like Anonymous, instead of being slimy scumbags?

Well, quite a few of them think they are acting for the "greater good". Some of them think of themselves as modern day Robin Hoods while others are, in their delusions, dueling with the "great satans" of the world such as "Internet Gaming Disorder" and not to mention trying to censor "shills" who, in most cases, are really just outspoken authors expressing a point of view. And politicians (the people you vote for at the elections) are the worst offenders. Those guys are forever trying to hack one-another's sites not to mention any other site they don't approve of - and then they have the temerity to point the finger at the common folk.

Give a man an "ideal" and you give him a reason to feel proud of making some poor victim miserable or, for that matter, a reason to feel proud of going to jail for committing a criminal act.

[Coughdropaddict]

Damn, it's been so long I've forgotten what my password here is. Think I should try to get a new one anyway? I'm pretty sure whatever it is it's not one of my others.