
Database Breach - An Update


Dark0ne


In response to post #32627640.


bben46 wrote:

We don't have your credit card number in our database because we don't process credit cards here. And if you could read you would have seen that the breach in question was 3 years ago. And was patched 3 years ago with a minimum of fuss and bother. So something that happened 2 days ago, or 2 years ago would not even be a part of the data that was leaked before you were even a member.

 

A data base breach means someone was able to download a part of a data base (probably not even all of it) - that does not mean they could read it. The data is encrypted salted and hashed (look it up) and can take a long time for a hacker to be able to unencrypt any passwords, and then they don't get all but just a few at a time, those that are simple and short. Longer complex passwords that don't use dictionary words take much longer to crack ( years) - then what do they get from our database? No financial info at all. No real name, no home address, no telephone number, they do get whatever age you claimed if you included that, and maybe sex if you didn't lie, (Honest, we don't check to see if you lied about your sex here) they do get a email, but that is not exactly a secret is it? About the only info useful to a hacker is being able to match a cracked password with an email. They can then try that email/password combination on other sites to see if it works - That is why we say do not use the same password for any other sites. IF you were dumb enough to use the same password and email to deal with your bank - they now own your banking info and can clean you out. However - IF you didn't use the same password, they get - nothing. And IF you change your password from time to time they get - nothing.

 

A breach at Nexus is not nearly as serious as some site like FaceBook. What personal info did you give FB? they require your real name and some other personal info just to sign up.

 

And if you do like I do and use a separate email for game stuff, and another separate email for EACH financial account with an entirely different password they don't even get that. And I lie a lot on the security questions ( Q: What is your favorite color? A: Tuesday)


i like that! favorite color tuesday, thinkin outside the box... i havent had that security question pop up yet, but good tip on how to fool anyone tinkering with accounts... i use fictitious info too, like first car, and mothers name etc... that way if anyone did get that info it would not work when they try to plug it in.

In response to post #32558585.


Zugmaster wrote: Could it be possible to get some information about that questionable dsound.dll file? I personally was lucky enough to not download it, but one of my friends did download it and run Fallout 4 with that file in .exe directory. It would be extremely helpful to know if it actually did something harmful and if there is need to do cleanup (beyond the usual AV scans) or clean install OS because of it.


most likely it is a way to try and get peoples MMO logins by way of crap shoot (in other words it might work and it might not depending on what they were targeting). if it was posted as a general file for any game that might use it, then it could possibly be trying to get that info since it is right there in the game directory. that’s the only way i can think of it being useful. ever wonder where people get logins for MMOs they post on the web? probably something like that. if it was a bit more sophisticated with several more lines in it than a standard dll file, it could possibly be some serious spyware. there are ways to rid a system of things like that dll without a full wipe, combofix is one i recommend, but it comes with its own disclaimer. when i still ran windows it helped me many times without borking critical files and i was still able to fix app directories if it got rid of dlls or other things. it generates a log of what it removed so you can look to see if there was anything removed that needs replacing with legitimate files. TDSSkiller is another program that can follow rootkits and identify the offending process and follow it to its source file. unfortunately, in windows environments, they are extremely vulnerable to all kinds of nasty stuff, so i just got tired of trying to make it work and went linux instead, the downside is it is a bit harder to get games to work (or should i say more labor intensive), the upside is there are much fewer exploits in linux and usually they close pretty fast with updates, and in some cases all you have to do is change the kernel build and the exploit is gone. for me, being a gamer, and knowing i might have to download unsecured files (like mods) that could try and use windows exploits, it just made sense to migrate to a more secure OS and sandbox windows games in a wrapper where they dont have access to the web. 
sure it takes a bit more to get games working, but i usually get them to work flawlessly by following guides and doing a bit more on my own by running a debugger to find out what else might be missing for things to run. sounds like a lot of work, but i will take it any day over wide open windows. i also dont play native windows MMOs. although i have played a few linux native MMOs, but i like my single player games better.

As a warning. Combofix is not recommended unless you really do know what you are doing for a good reason. It can remove things that are required for windows or some other program to work. And the user is supposed to know what those are before using it. :whistling: As it warns you before use - Use at your own risk.


In response to post #32627640. #32629655 is also a reply to the same post.


bben46 wrote:

We don't have your credit card number in our database because we don't process credit cards here. And if you could read you would have seen that the breach in question was 3 years ago. And was patched 3 years ago with a minimum of fuss and bother. So something that happened 2 days ago, or 2 years ago would not even be a part of the data that was leaked before you were even a member.

 

A data base breach means someone was able to download a part of a data base (probably not even all of it) - that does not mean they could read it. The data is encrypted salted and hashed (look it up) and can take a long time for a hacker to be able to unencrypt any passwords, and then they don't get all but just a few at a time, those that are simple and short. Longer complex passwords that don't use dictionary words take much longer to crack ( years) - then what do they get from our database? No financial info at all. No real name, no home address, no telephone number, they do get whatever age you claimed if you included that, and maybe sex if you didn't lie, (Honest, we don't check to see if you lied about your sex here) they do get a email, but that is not exactly a secret is it? About the only info useful to a hacker is being able to match a cracked password with an email. They can then try that email/password combination on other sites to see if it works - That is why we say do not use the same password for any other sites. IF you were dumb enough to use the same password and email to deal with your bank - they now own your banking info and can clean you out. However - IF you didn't use the same password, they get - nothing. And IF you change your password from time to time they get - nothing.

 

A breach at Nexus is not nearly as serious as some site like FaceBook. What personal info did you give FB? they require your real name and some other personal info just to sign up.

 

And if you do like I do and use a separate email for game stuff, and another separate email for EACH financial account with an entirely different password they don't even get that. And I lie a lot on the security questions ( Q: What is your favorite color? A: Tuesday)

xander2077 wrote: i like that! favorite color tuesday, thinkin outside the box... i havent had that security question pop up yet, but good tip on how to fool anyone tinkering with accounts... i use fictitious info too, like first car, and mothers name etc... that way if anyone did get that info it would not work when they try to plug it in.


I use "abnormal" for security answer. Which is not in any way connected with password. Also, you give good advice about separate email account for games, with different password. As a rule, I never use the same password twice. Every signup that requires a password should be completely different from any other. Lastly, on validation. Google uses 2 step verification. Which is great because it sends a code to my phone in order to log in. But only when I make a change to log in. Such as different browser, or different IP. So maybe Nexus can go that direction, maybe. Your prompt attention to this is greatly appreciated. Thank you

In response to post #32558585. #32630560 is also a reply to the same post.


Zugmaster wrote: Could it be possible to get some information about that questionable dsound.dll file? I personally was lucky enough to not download it, but one of my friends did download it and run Fallout 4 with that file in .exe directory. It would be extremely helpful to know if it actually did something harmful and if there is need to do cleanup (beyond the usual AV scans) or clean install OS because of it.
xander2077 wrote: most likely it is a way to try and get peoples MMO logins by way of crap shoot (in other words it might work and it might not depending on what they were targeting). if it was posted as a general file for any game that might use it, then it could possibly be trying to get that info since it is right there in the game directory. that’s the only way i can think of it being useful. ever wonder where people get logins for MMOs they post on the web? probably something like that. if it was a bit more sophisticated with several more lines in it than a standard dll file, it could possibly be some serious spyware. there are ways to rid a system of things like that dll without a full wipe, combofix is one i recommend, but it comes with its own disclaimer. when i still ran windows it helped me many times without borking critical files and i was still able to fix app directories if it got rid of dlls or other things. it generates a log of what it removed so you can look to see if there was anything removed that needs replacing with legitimate files. TDSSkiller is another program that can follow rootkits and identify the offending process and follow it to its source file. unfortunately, in windows environments, they are extremely vulnerable to all kinds of nasty stuff, so i just got tired of trying to make it work and went linux instead, the downside is it is a bit harder to get games to work (or should i say more labor intensive), the upside is there are much fewer exploits in linux and usually they close pretty fast with updates, and in some cases all you have to do is change the kernel build and the exploit is gone. for me, being a gamer, and knowing i might have to download unsecured files (like mods) that could try and use windows exploits, it just made sense to migrate to a more secure OS and sandbox windows games in a wrapper where they dont have access to the web. 
sure it takes a bit more to get games working, but i usually get them to work flawlessly by following guides and doing a bit more on my own by running a debugger to find out what else might be missing for things to run. sounds like a lot of work, but i will take it any day over wide open windows. i also dont play native windows MMOs. although i have played a few linux native MMOs, but i like my single player games better.


I'm just hoping that admins could give at least some kind of reply for this, I mean that they sure got at least some answer from the security labs they sent the file sample to. Had anyone tried to scan the suspicious file with Virustotal now after it got submitted, does it get any detections now? Just give me the MD5 hash of that file, anything that can give any info about it!

In response to post #32546335.


Tefle Huden wrote: Perhaps I did not see it when I read it, but does this affect Premium Members and our account information for what we've donated? I know at one point I donated quite a bit to Nexus. I'm just checking to ensure that has not been compromised in this breach, as I would need to notify my financial institutions.

You may message me privately with an answer if you wish. Thank you Nexus Staff.




On behalf of everyone else here with even a shred of common sense and decency, I would like to apologize that your question was addressed in such a condescending and inconsiderate manner, especially the "If you could read you would have seen" part.. I don't know why that's allowed, nor do I know why it seems to be encouraged. I don't like it, but other than to reinforce that I don't approve of it, there's nothing I can do about it. But again, I'm sorry you were treated that way. I mean, a simple "yes" or "no" would have sufficed.....

dsound.dll is a common file name used by several legit programs. If you downloaded a file here it has been scanned by VirusTotal. That is what that little green check mark to the right of a file name means (if it doesn't have that mark it may not have been scanned yet). It takes multiple hits on VirusTotal to quarantine a file. That is to avoid false positives. VirusTotal uses over 50 virus scanners on each file - so if 49 show clean, and one or two shows a possible virus that is considered a false positive.

 

Here is the link to VirusTotal if you want more information: You can use it to scan single files yourself. :thumbsup:

 

As for financial info, we do not and have never kept any financial information on any Nexus site. If you have donated, you used PayPal to donate. You gave your info to PayPal and not Nexus. What the breach 3 years ago got was a few Nexus passwords that they could match up with email addresses to go fishing with. If you have changed your password in the last 3 years you are safe. If you have not, and had a relatively good password (more than 6 characters and not a common dictionary word or a common password), you are safe - if you are worried - please change your password. Change it even if you are not worried because that is just common sense. - And, if you used the same password on other sites change it there also. (more common sense)

 

I use a password program called LastPass - it's free and works in the background giving you more secure passwords. It will also warn you if you use the same password on more than one site.

 

Nexus passwords are not stored as is, they are salted and hashed then encrypted. It takes time, lots of time to crack any but the simplest passwords - and as we have no financial info, they aren't going to get rich from what they find here. Meaning they just spent days or weeks to crack a few of the more simple passwords to get things like a list of what mods were downloaded and endorsed. :psyduck:

 

As for personally identifiable info, we don't even know your real name. You are just a user name to the Nexus. We don't know your home address, phone number or mothers maiden name either because we really don't need it for what we do here. :tongue:

Link to comment
Share on other sites
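bben46's post above says the stored passwords are salted and hashed and that only short, common passwords fall quickly. As an added example (not part of the thread and not the Nexus sites' own code; PBKDF2, the iteration count, the wordlist and the accounts are assumptions constructed for illustration, and the encryption layer the post mentions is not modelled), this shows what a per-user salt changes and how a site could audit its own table for such passwords:

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumed work factor, kept low so the example runs quickly.
ITERATIONS = 50_000
# Constructed stand-in for a common-password wordlist.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "dragon"]


def unsalted_hash(password: str) -> bytes:
    """What not to store: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus an iterated hash (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def passes_policy(password: str) -> bool:
    """Rule of thumb from the post: more than 6 characters, not a common password."""
    return len(password) > 6 and password.lower() not in COMMON_PASSWORDS


def audit(table: dict) -> list:
    """Defender-side audit: accounts whose stored hash matches a common password.

    Because every salt differs, each guess costs one full PBKDF2 run per
    account; nothing computed for one user can be reused for another.
    """
    exposed = []
    for user, (salt, digest) in table.items():
        if any(verify(guess, salt, digest) for guess in COMMON_PASSWORDS):
            exposed.append(user)
    return sorted(exposed)


# Constructed accounts: two users share a weak password, one has a long random one.
SAMPLE = {"alice": "dragon", "bob": "dragon", "carol": "T9#vq-Lm2!xR&wZ8"}
TABLE = {user: salted_hash(pw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    print("unsalted digests equal:", unsalted_hash("dragon") == unsalted_hash("dragon"))
    print("salted digests equal:  ", TABLE["alice"][1] == TABLE["bob"][1])
    print("accounts found by the audit:", audit(TABLE))
    for pw in SAMPLE.values():
        print(repr(pw), "passes policy:", passes_policy(pw))
```

The audit finds only the two accounts that share a wordlist password; the long random password is untouched, which is the distinction the post draws between simple passwords and long complex ones.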

In response to post #32546335. #32735595 is also a reply to the same post.


Tefle Huden wrote: Perhaps I did not see it when I read it, but does this affect Premium Members and our account information for what we've donated? I know at one point I donated quite a bit to Nexus. I'm just checking to ensure that has not been compromised in this breach, as I would need to notify my financial institutions.

You may message me privately with an answer if you wish. Thank you Nexus Staff.
phantompally76 wrote:

On behalf of everyone else here with even a shred of common sense and decency, I would like to apologize that your question was addressed in such a condescending and inconsiderate manner, especially the "If you could read you would have seen" part.. I don't know why that's allowed, nor do I know why it seems to be encouraged. I don't like it, but other than to reinforce that I don't approve of it, there's nothing I can do about it. But again, I'm sorry you were treated that way. I mean, a simple "yes" or "no" would have sufficed.....


Hey, the post in question got deleted. ^^

Edit: Nevermind. Was posted elsewhere. Edited by WightMage

In response to post #32618190. #32629530 is also a reply to the same post.


Usseryl wrote: Less than two days ago, I purchased a lifetime membership and the same day illegal use of my CC occurred in another state, forcing me to cancel my credit card. The fraudulent charge was made electronically at a Krogers in Texas. This was the only on line purchase I had made in several days. Maybe its totally unrelated but you will have to pardon me if I am skeptical.
xander2077 wrote: an associate of mine had the same issue and swore it was because of a website he purchased from, but these days almost every online purchase is pretty damned secure, so that was not the case and it was probably not the case here either. what we found out (and is most likely the case in your instance) is that when you purchase at a gas station you dont normally frequent or a convenience store (as he did with the same card) it is not uncommon for unscrupulous employees of these gas stations or convenience stores to rig a card reader of some sort in tandem with the official store reader and siphon the information off of your purchase to spoof purchases elsewhere. once they did this, they were able to order dominoes pizza in several different states and some other items in the space of a few hours, so most likely they passed the card info out to their buddies once they found out how much the account on the card had in it. the danger of them being able to snatch the card info in this way is usually most cc swipe purchases at gas stations dont need the security of online purchases, like address match or your pin. and they already have everything they need to make a purchase right there, all they have to do is plug that info in anywhere they want. so if you are worried about cc info leaking, then dont use the same one for online purchases as you do for other things. what i do is instead of using a major credit or debit card for purchases, i use prepaid cards, that way there is only going to be what i put on it, and it doesn’t tie into any bank accounts. sure some vendors online might fuss over a prepaid card, but if they dont like it, there is usually another vendor that can get you the same product and will accept your prepaid no problem. i have only seen one vendor reject my card because it was prepaid and they no longer get my business. anyone else treats it like just another cc.


This is exceedingly common, and only costs a few bucks at a computer parts store to rig.

 

In response to post #32618190. #32629530 is also a reply to the same post.

 

 

 

Usseryl wrote: Less than two days ago, I purchased a lifetime membership and the same day illegal use of my CC occurred in another state, forcing me to cancel my credit card. The fraudulent charge was made electronically at a Krogers in Texas. This was the only on line purchase I had made in several days. Maybe its totally unrelated but you will have to pardon me if I am skeptical.
xander2077 wrote: an associate of mine had the same issue and swore it was because of a website he purchased from, but these days almost every online purchase is pretty damned secure, so that was not the case and it was probably not the case here either. what we found out (and is most likely the case in your instance) is that when you purchase at a gas station you dont normally frequent or a convenience store (as he did with the same card) it is not uncommon for unscrupulous employees of these gas stations or convenience stores to rig a card reader of some sort in tandem with the official store reader and siphon the information off of your purchase to spoof purchases elsewhere. once they did this, they were able to order dominoes pizza in several different states and some other items in the space of a few hours, so most likely they passed the card info out to their buddies once they found out how much the account on the card had in it. the danger of them being able to snatch the card info in this way is usually most cc swipe purchases at gas stations dont need the security of online purchases, like address match or your pin. and they already have everything they need to make a purchase right there, all they have to do is plug that info in anywhere they want. so if you are worried about cc info leaking, then dont use the same one for online purchases as you do for other things. what i do is instead of using a major credit or debit card for purchases, i use prepaid cards, that way there is only going to be what i put on it, and it doesn’t tie into any bank accounts. sure some vendors online might fuss over a prepaid card, but if they dont like it, there is usually another vendor that can get you the same product and will accept your prepaid no problem. i have only seen one vendor reject my card because it was prepaid and they no longer get my business. anyone else treats it like just another cc.

This is exceedingly common, and only costs a few bucks at a computer parts store to rig.

 

 

No, it's exceedingly rare.

 

And while the parts to build a card data reader may be commonly available, building them into something that can be attached to the card slot of a POS terminal or ATM in a way that makes them look like part of the device is actually fairly difficult.

 

But why waste time talking about a physical hack here, when such a method is used for exactly ZERO on-line thefts?


This topic is now closed to further replies.