Potential Database Breach

[GeneticAnomoly]

Could this have something to do with why I'm constantly being told to log in through MO even though my pw is stored in that program? It's been weird for the last two days and I've never had that happen before. Maybe a curious coincidence?

[Lenoxxle]

In response to post #31599345.

jessb81 wrote: So should we be not downloading mods for a while?

Lol I was thinking I'm done for a whiille

[GazdaPaja]

Thanks for the heads up. Changed my email and put 32bit password...hopefully that'll be enough.

 

I suggest you all check this nifty little program called PWGen

[jbshr]

In response to post #31573580. #31574375, #31575725, #31576020, #31583240, #31585810, #31604210 are all replies on the same post.

Iamimpossibru wrote: And this is the precise reason why you should ALWAYS learn to manually alter files. Preaching NMM for convenience is bad practice. That is what leads to end user breaches, and complete disregard for web safety. I've encountered far too many mod authors and users alike pushing the miracles of NMM. No, just no. Learn to computer, or get off of one.

EmeraldShadow wrote: Not exactly. Manually installing mods is a massive pain and becomes impossible when you get large mod lists. The answer is mod organizer, it has a "manual" install option which shows what files are being installed, and thankfully all files are kept separate from not only the skyrim folder but also each other, so you can drag and drop different installation-orders separately. I always check what's going into my game when using MO, so I would have caught this.

morachi wrote: I'm sorry but no. I do this for a living and what you're saying is a fallacy.

NMM is just a utility that automates a cumbersome and often complex set of moves and edits any which a mistake can cause the mod if not the program not to work.

Following your logic we'd no longer use Group Policy to set user environments, we wouldn't use patch management to manage security updates or hell we wouldn't use anti-virus we would instead sift through the files one by one looking for vulnerabilities.

I got news for you. Knowing how to mod isn't even remotely "learn to computer" and your thinking it is reminds me of folks who think knowing how to Facebook is somehow equivalent of being an IT professional...

soulgamers wrote: I always Manually install my mods. cos I like to know where their going.
I do make a backup of those places first tho.

Yippy! . I'm a IT professional. would you credit that.

CnKx wrote: You're acting like installing mods manually takes a lot of skill or something?
NMM is just convenient to have and can save you a lot of time/trouble.
So I don't understand why you're making it seem like you're amazing for installing mods manually with the "learn to computer" LOL.

bowlesjd wrote: I'm curious what you think manually installed a compromised mod could possibly get you.

Or is this a dunning-kruger thing, where you've convinced yourself you have come up with some magical method to protect yourself, because you don't know enough to know what the actual danger is.

DuskDweller wrote: Well in this case, it's completely the other way around!
If you manually install the mod you would think of putting the dsound.dll in the game's folder, where it *could* be executed by the game's exe thinking it's a legit directx dll.

Since NMM won't install files in the game's root folder, that dll would end up harmless in the Data folder where nothing *should* try to access it.

Download the files manually and scan the archives. If you feel they are safe, then add the archive to nmm and install.

[Deleted9904557User]

I hope you add two-factor authentication soon.

[Trollenstein]

K, so I can't log into the forums and I don't know why. Login goes smoothly but it says "Sign in", and I'm signed into nexusmods.com obviously. No idea what's going on there.

 

 

There's no statement on whether or not all files are clean on the Nexus. Whether or not existing mods have been compromised. Whether or not the site is safe to use at all. That's a problem. I'm about ready to delete GBs of mod zips and rars, do a clean game install because of this issue alone, but I think I'm done using NMM and Nexusmods.com, likely indefinitely. Based on how the NMM software behaves, how it has been behaving, and how the "security firm" Nexusmods.com is paying $60,000 a year to keep the site safe let something go through is disconcerting. Virustotal is missing files as well, so that isn't even a legitimate way of saying "Hey guys, this mod is safe. No worries!" anymore.

 

I doubt more money will be coming as this news is bad regardless of your outlook on the future, so the security level may stay the same and it's already been broken through once, meaning there *will* be a 'next time'. If funding slows down then the security slips a bit more. Suddenly the site is no longer usable the moment people say "No thanks, I'll pass." en masse, and it looks like people are already saying that.

 

 

 

 

I'm not attempting to be a fearmongering hater. I like nexusmods and want to use mods. But based on how often I use this site and these mods, it's not worth it. I think I'm done and recommend others jump ship as well.. Purely because the site, without even considering any reduction of funding by users, is teetering on that edge of safe and unsafe. It's time to pack it up until the admins sort this s#*! out in a big way.

 

 

Like I said, gigabytes of data on my PC from this site have to be removed because of this problem, and the liability of things going south again is even higher because of this news. This is likely the last time I use the site.

Edited December 7, 2015 by Trollenstein

[Trollenstein]

In response to post #31611625.

akparkison wrote: I hope you add two-factor authentication soon.

Authentication can't solve the issue with files being ridden with malware and viruses. Just keeping passwords different is more than enough to deter issues with multiaccount theft. AFAIK they don't have the ability to prvent their files being infected with who knows what, and that is the actual problem.

[RealmEleven]

In response to post #31600785.

Baalshazar wrote: Could this potential virus been in other mods? In my case Fallout 3?

The attack appears to be on a broader scale than just this site so I think that now is a good time for everyone concerned about this to do a thorough scan of their hard disks and everything on them (not just the usual suspects).

[aachen82]

Thank you for being professional enough to notify us right away regarding the breach so that we have an opportunity to mitigate damages.

[Deleted9904557User]

In response to post #31611625. #31612080 is also a reply to the same post.

akparkison wrote: I hope you add two-factor authentication soon.

Trollenstein wrote: Authentication can't solve the issue with files being ridden with malware and viruses. Just keeping passwords different is more than enough to deter issues with multiaccount theft. AFAIK they don't have the ability to prvent their files being infected with who knows what, and that is the actual problem.

I do keep different passwords. Strong ones. And they are all stored on an external hard drive. But I changed mine here just now anyway. And the password change page isn't even secured. Which I find very annoying.

Personally as someone who had an old Tumblr account hacked. I wouldn't use their service again till they put in two-factor authentication. So my cell phone is necessary to log into Tumblr.

I don't play Fallout. But I was almost affected by the last breach when Skyrim mods were affected. Like SkyUI. I just missed getting an infected file.

Fortunately I manually download and scan all my files no matter what game they are for, whether from here or something for Sims, elsewhere.

I don't pay for a membership here for faulty security. That's for sure.