Potential Database Breach

[syteless]

I remember downloading the Rename Dogmeat mod and thinking that the .dll looked sketchy as all hell, and didn't use it.

[STANSHOME]

keep up the good work. you did every thing you could to work on and fix this problem quickly. I don't think anyone could ask for more from you.

[STANSHOME]

In response to post #31611950. #31612905, #31613765, #31614645 are all replies on the same post.

Trollenstein wrote: K, so I can't log into the forums and I don't know why. Login goes smoothly but it says "Sign in", and I'm signed into nexusmods.com obviously. No idea what's going on there.


There's no statement on whether or not all files are clean on the Nexus. Whether or not existing mods have been compromised. Whether or not the site is safe to use at all. That's a problem. I'm about ready to delete GBs of mod zips and rars, do a clean game install because of this issue alone, but I think I'm done using NMM and Nexusmods.com, likely indefinitely. Based on how the NMM software behaves, how it has been behaving, and how the "security firm" Nexusmods.com is paying $60,000 a year to keep the site safe let something go through is disconcerting. Virustotal is missing files as well, so that isn't even a legitimate way of saying "Hey guys, this mod is safe. No worries!" anymore.

I doubt more money will be coming as this news is bad regardless of your outlook on the future, so the security level may stay the same and it's already been broken through once, meaning there *will* be a 'next time'. If funding slows down then the security slips a bit more. Suddenly the site is no longer usable the moment people say "No thanks, I'll pass." en masse, and it looks like people are already saying that.




I'm not attempting to be a fearmongering hater. I like nexusmods and want to use mods. But based on how often I use this site and these mods, it's not worth it. I think I'm done and recommend others jump ship as well.. Purely because the site, without even considering any reduction of funding by users, is teetering on that edge of safe and unsafe. It's time to pack it up until the admins sort this s#*! out in a big way.


Like I said, gigabytes of data on my PC from this site have to be removed because of this problem, and the liability of things going south again is even higher because of this news. This is likely the last time I use the site.

akparkison wrote: Well I know I'm not paying for a premium membership any more since it obviously isn't helping the security of my account.

Thankfully I've only used NMM once for an Oblivion mod that required it. I always manually download and scan all my files myself. I don't trust their virus scanner.

Not even the password change page is secured. I didn't notice that till today. Not happy. I was almost hit with a virus when a few big Skyrim mods were hacked.

Glad I don't play Fallout. And all my passwords are strong and stored externally. I still changed mine here anyway and looks I'll spend the next couple of hours changing all my others.

RealmEleven wrote: One of the biggest problems of today's world is people making statements before they collect all the relevant facts.

I suggest patience ... and the use of an up to date virus scanner.

Netsplite wrote: Every site can be hacked with enough time be it human error or social engineering and them finding out and being open is actually a good thing which others rarely do.
Nexus has been always very open open in general and actually improving the site and the mod manager with the last few releases are a nice improvements.
It's not like they sit on their hands all day and security is normally an after thought but considering the impact a significant breach can have it's good they invest heavily in it.

Just because they might have an potential breach doesn't mean people should avoid it as we have no confirmation with only a few mods that had suspicious files.

You know hackers got onto the playstation network right. and I think they have way more money and personal then nexus does. So maybe you shouldn't get so uppity, or stop using the internet cause these things do happen.

[Hutspot01]

In response to post #31611950. #31612905, #31613765, #31614645, #31616115 are all replies on the same post.

Trollenstein wrote: K, so I can't log into the forums and I don't know why. Login goes smoothly but it says "Sign in", and I'm signed into nexusmods.com obviously. No idea what's going on there.


There's no statement on whether or not all files are clean on the Nexus. Whether or not existing mods have been compromised. Whether or not the site is safe to use at all. That's a problem. I'm about ready to delete GBs of mod zips and rars, do a clean game install because of this issue alone, but I think I'm done using NMM and Nexusmods.com, likely indefinitely. Based on how the NMM software behaves, how it has been behaving, and how the "security firm" Nexusmods.com is paying $60,000 a year to keep the site safe let something go through is disconcerting. Virustotal is missing files as well, so that isn't even a legitimate way of saying "Hey guys, this mod is safe. No worries!" anymore.

I doubt more money will be coming as this news is bad regardless of your outlook on the future, so the security level may stay the same and it's already been broken through once, meaning there *will* be a 'next time'. If funding slows down then the security slips a bit more. Suddenly the site is no longer usable the moment people say "No thanks, I'll pass." en masse, and it looks like people are already saying that.




I'm not attempting to be a fearmongering hater. I like nexusmods and want to use mods. But based on how often I use this site and these mods, it's not worth it. I think I'm done and recommend others jump ship as well.. Purely because the site, without even considering any reduction of funding by users, is teetering on that edge of safe and unsafe. It's time to pack it up until the admins sort this s#*! out in a big way.


Like I said, gigabytes of data on my PC from this site have to be removed because of this problem, and the liability of things going south again is even higher because of this news. This is likely the last time I use the site.

akparkison wrote: Well I know I'm not paying for a premium membership any more since it obviously isn't helping the security of my account.

Thankfully I've only used NMM once for an Oblivion mod that required it. I always manually download and scan all my files myself. I don't trust their virus scanner.

Not even the password change page is secured. I didn't notice that till today. Not happy. I was almost hit with a virus when a few big Skyrim mods were hacked.

Glad I don't play Fallout. And all my passwords are strong and stored externally. I still changed mine here anyway and looks I'll spend the next couple of hours changing all my others.

RealmEleven wrote: One of the biggest problems of today's world is people making statements before they collect all the relevant facts.

I suggest patience ... and the use of an up to date virus scanner.

Netsplite wrote: Every site can be hacked with enough time be it human error or social engineering and them finding out and being open is actually a good thing which others rarely do.
Nexus has been always very open open in general and actually improving the site and the mod manager with the last few releases are a nice improvements.
It's not like they sit on their hands all day and security is normally an after thought but considering the impact a significant breach can have it's good they invest heavily in it.

Just because they might have an potential breach doesn't mean people should avoid it as we have no confirmation with only a few mods that had suspicious files.

STANSHOME wrote: You know hackers got onto the playstation network right. and I think they have way more money and personal then nexus does. So maybe you shouldn't get so uppity, or stop using the internet cause these things do happen.

We're talking 3 affected mods and you're talking about removing GB's of mods and stopping using NMM.

How are you not fearmongering?

Just use plain old common sense. If a mod isn't an injector, it doesn't need a dll. And no mod needs an exe. Also, it's good practice in any case to always check a mod's (or mod-update's) files before installing. Not only because of crooks, but also because it makes sense to actually know what each mod affects file-wise.

[krist2]

In response to post #31611950. #31612905, #31613765, #31614645, #31616115, #31616655 are all replies on the same post.

Trollenstein wrote: K, so I can't log into the forums and I don't know why. Login goes smoothly but it says "Sign in", and I'm signed into nexusmods.com obviously. No idea what's going on there.


There's no statement on whether or not all files are clean on the Nexus. Whether or not existing mods have been compromised. Whether or not the site is safe to use at all. That's a problem. I'm about ready to delete GBs of mod zips and rars, do a clean game install because of this issue alone, but I think I'm done using NMM and Nexusmods.com, likely indefinitely. Based on how the NMM software behaves, how it has been behaving, and how the "security firm" Nexusmods.com is paying $60,000 a year to keep the site safe let something go through is disconcerting. Virustotal is missing files as well, so that isn't even a legitimate way of saying "Hey guys, this mod is safe. No worries!" anymore.

I doubt more money will be coming as this news is bad regardless of your outlook on the future, so the security level may stay the same and it's already been broken through once, meaning there *will* be a 'next time'. If funding slows down then the security slips a bit more. Suddenly the site is no longer usable the moment people say "No thanks, I'll pass." en masse, and it looks like people are already saying that.




I'm not attempting to be a fearmongering hater. I like nexusmods and want to use mods. But based on how often I use this site and these mods, it's not worth it. I think I'm done and recommend others jump ship as well.. Purely because the site, without even considering any reduction of funding by users, is teetering on that edge of safe and unsafe. It's time to pack it up until the admins sort this s#*! out in a big way.


Like I said, gigabytes of data on my PC from this site have to be removed because of this problem, and the liability of things going south again is even higher because of this news. This is likely the last time I use the site.

akparkison wrote: Well I know I'm not paying for a premium membership any more since it obviously isn't helping the security of my account.

Thankfully I've only used NMM once for an Oblivion mod that required it. I always manually download and scan all my files myself. I don't trust their virus scanner.

Not even the password change page is secured. I didn't notice that till today. Not happy. I was almost hit with a virus when a few big Skyrim mods were hacked.

Glad I don't play Fallout. And all my passwords are strong and stored externally. I still changed mine here anyway and looks I'll spend the next couple of hours changing all my others.

RealmEleven wrote: One of the biggest problems of today's world is people making statements before they collect all the relevant facts.

I suggest patience ... and the use of an up to date virus scanner.

Netsplite wrote: Every site can be hacked with enough time be it human error or social engineering and them finding out and being open is actually a good thing which others rarely do.
Nexus has been always very open open in general and actually improving the site and the mod manager with the last few releases are a nice improvements.
It's not like they sit on their hands all day and security is normally an after thought but considering the impact a significant breach can have it's good they invest heavily in it.

Just because they might have an potential breach doesn't mean people should avoid it as we have no confirmation with only a few mods that had suspicious files.

STANSHOME wrote: You know hackers got onto the playstation network right. and I think they have way more money and personal then nexus does. So maybe you shouldn't get so uppity, or stop using the internet cause these things do happen.

Hutspot01 wrote: We're talking 3 affected mods and you're talking about removing GB's of mods and stopping using NMM.

How are you not fearmongering?

Just use plain old common sense. If a mod isn't an injector, it doesn't need a dll. And no mod needs an exe. Also, it's good practice in any case to always check a mod's (or mod-update's) files before installing. Not only because of crooks, but also because it makes sense to actually know what each mod affects file-wise.

@arkparkinson
Are you serious? There is no system that is totally safe for hacking, if someone with enough know-how and resources want to hack a place they will. Even the FBI have been hacked...

[xybedout]

In response to post #31611950. #31612905, #31613765, #31614645, #31616115, #31616655, #31617020 are all replies on the same post.

Trollenstein wrote: K, so I can't log into the forums and I don't know why. Login goes smoothly but it says "Sign in", and I'm signed into nexusmods.com obviously. No idea what's going on there.


There's no statement on whether or not all files are clean on the Nexus. Whether or not existing mods have been compromised. Whether or not the site is safe to use at all. That's a problem. I'm about ready to delete GBs of mod zips and rars, do a clean game install because of this issue alone, but I think I'm done using NMM and Nexusmods.com, likely indefinitely. Based on how the NMM software behaves, how it has been behaving, and how the "security firm" Nexusmods.com is paying $60,000 a year to keep the site safe let something go through is disconcerting. Virustotal is missing files as well, so that isn't even a legitimate way of saying "Hey guys, this mod is safe. No worries!" anymore.

I doubt more money will be coming as this news is bad regardless of your outlook on the future, so the security level may stay the same and it's already been broken through once, meaning there *will* be a 'next time'. If funding slows down then the security slips a bit more. Suddenly the site is no longer usable the moment people say "No thanks, I'll pass." en masse, and it looks like people are already saying that.




I'm not attempting to be a fearmongering hater. I like nexusmods and want to use mods. But based on how often I use this site and these mods, it's not worth it. I think I'm done and recommend others jump ship as well.. Purely because the site, without even considering any reduction of funding by users, is teetering on that edge of safe and unsafe. It's time to pack it up until the admins sort this s#*! out in a big way.


Like I said, gigabytes of data on my PC from this site have to be removed because of this problem, and the liability of things going south again is even higher because of this news. This is likely the last time I use the site.

akparkison wrote: Well I know I'm not paying for a premium membership any more since it obviously isn't helping the security of my account.

Thankfully I've only used NMM once for an Oblivion mod that required it. I always manually download and scan all my files myself. I don't trust their virus scanner.

Not even the password change page is secured. I didn't notice that till today. Not happy. I was almost hit with a virus when a few big Skyrim mods were hacked.

Glad I don't play Fallout. And all my passwords are strong and stored externally. I still changed mine here anyway and looks I'll spend the next couple of hours changing all my others.

RealmEleven wrote: One of the biggest problems of today's world is people making statements before they collect all the relevant facts.

I suggest patience ... and the use of an up to date virus scanner.

Netsplite wrote: Every site can be hacked with enough time be it human error or social engineering and them finding out and being open is actually a good thing which others rarely do.
Nexus has been always very open open in general and actually improving the site and the mod manager with the last few releases are a nice improvements.
It's not like they sit on their hands all day and security is normally an after thought but considering the impact a significant breach can have it's good they invest heavily in it.

Just because they might have an potential breach doesn't mean people should avoid it as we have no confirmation with only a few mods that had suspicious files.

STANSHOME wrote: You know hackers got onto the playstation network right. and I think they have way more money and personal then nexus does. So maybe you shouldn't get so uppity, or stop using the internet cause these things do happen.

Hutspot01 wrote: We're talking 3 affected mods and you're talking about removing GB's of mods and stopping using NMM.

How are you not fearmongering?

Just use plain old common sense. If a mod isn't an injector, it doesn't need a dll. And no mod needs an exe. Also, it's good practice in any case to always check a mod's (or mod-update's) files before installing. Not only because of crooks, but also because it makes sense to actually know what each mod affects file-wise.

krist2 wrote: @arkparkinson
Are you serious? There is no system that is totally safe for hacking, if someone with enough know-how and resources want to hack a place they will. Even the FBI have been hacked...

No need to wipe everything. If you are really worried, do not install any mod with DLLs and EXEs. Your gigabytes of textures will not break your puter. {facepalm} Edited December 7, 2015 by xybedout

[Enyap]

I went to change my password as recommended in announcement and noticed that my current e-mail address shown in User CP is not one I recognize. Like unless I registered on Nexus drunk out of my mind, I'm positive it's not my e-mail. More so the shown e-mail is from yahoo mail and when trying to log in to that yahoo says that this id is not taken yet. How can this be possible? Is my account possibly not mine anymore?

[SjoertJansen]

Thanks for the notification. Much appreciated.

 

Don't worry about people over-reacting. People that respond so heavily towards a "possible" data breach is close to paranoia, they should not use the internet. Getting hacked is pretty much inevitable if true professionals try to get in. You just need to factor it in. Sites/networks with over a 100 times the funding get hacked.

Any internet user should know to not use the same password more than once, don't disable UAC and actually read. It is astonishing how often people blame all sorts whilst lacking the capacity to put in the effort to read or take care of their own security. Instead they expect a Free independent website to provide infallible security for them... You'd think people are spoiled these days.

[Azulyn]

Wouldn't be surprised if ads had something to do with it. Prior to the glory that is adblock, my PC was constantly under threat because of websites and their obnoxious slew of malware riddled ads...

[SjoertJansen]

In response to post #31617625.

Enyap wrote:

I went to change my password as recommended in announcement and noticed that my current e-mail address shown in User CP is not one I recognize. Like unless I registered on Nexus drunk out of my mind, I'm positive it's not my e-mail. More so the shown e-mail is from yahoo mail and when trying to log in to that yahoo says that this id is not taken yet. How can this be possible? Is my account possibly not mine anymore?

So, change it? You can easily change it, you just have to re-activate the account... Seeing as you posted, you must still have the correct password to do the change.