MartineV Posted January 24, 2016 Share Posted January 24, 2016 Another reminder to adopt some best security practices. Use a different password for every website. Use complex passwords. Use 2 factors identification whenever it's available. This way when the unavoidable leak happens, your other sites are secure. A password manager makes this easy and will even warn you of potential breaches, like mine did for this site. Link to comment Share on other sites More sharing options...
shehriyari Posted January 25, 2016 Share Posted January 25, 2016 That's very stupid to say "some users may have invalid emails" really. It's their responsibility. You just don't want to do that because you might lose potential big players (content creators) which is bad for business. Again, a website who values the value of business above privacy of its users. Link to comment Share on other sites More sharing options...
feltrockni Posted January 27, 2016 Share Posted January 27, 2016 So I just want to say, thank you. You guys have had THE BEST response of any company ever to a security breach. You notified the users appropriately. You had the appropriate apologetic attitude. You even are properly reorienting toward getting the system even better prepared for a critical breach. It sounds so simple but you've also kept us aware of everything in the process and I love you guys for it. *Hugs for your entire staff* Link to comment Share on other sites More sharing options...
qoq Posted January 28, 2016 Share Posted January 28, 2016 It's pretty obvious that some users got hacked and some form of RAT or Trojan was inserted into their files.That's sad but..It may just mean Nexus mod makers have been targeted..that's all. Link to comment Share on other sites More sharing options...
Orosaki Posted January 28, 2016 Share Posted January 28, 2016 In response to post #33828210. Reveal hidden contents Quote feltrockni wrote: So I just want to say, thank you. You guys have had THE BEST response of any company ever to a security breach. You notified the users appropriately. You had the appropriate apologetic attitude. You even are properly reorienting toward getting the system even better prepared for a critical breach. It sounds so simple but you've also kept us aware of everything in the process and I love you guys for it. *Hugs for your entire staff*yea they're the exact opposiye of sony who notified users 3 days a AFTER a security breach was detected. Link to comment Share on other sites More sharing options...
Dragonetti Posted January 31, 2016 Share Posted January 31, 2016 In response to post #33625910. Reveal hidden contents Quote corvus_cherub wrote: I went to change my password and got re-directed to the forums. I was presented with a forum page that told me "Sorry, you don't have permission for that!" appeared. Odd, since I've been registered on the forums and the site since 2006. So I thought, I'd pm someone about it... redirected to "Sorry, you don't have permission for that!". Then I thought i'd click on 'help documentation' - got fired back to "Sorry, you don't have permission for that!". so cant contact anyone bit of a catch 22..Same here i can't login or get support. :( Link to comment Share on other sites More sharing options...
NouvelleVoix Posted February 1, 2016 Share Posted February 1, 2016 In response to post #33296525. Reveal hidden contents Quote Thandal wrote: On 1/14/2016 at 9:44 PM, Bugnexus7 said: Regarding Two-factor Authentication:<snip>It also gives Nexus access to my phone number, something I am NOT comfortable with. Freely handing out data to prevent the theft of said data is illogical. Requiring users to use a device they may not own is illogical. Linking yet more data to a database that has already been hacked is illogical.All that being said, mandatory Two-Factor Authentication would be the end of my using the Nexus website.My two-cents. Guess you missed the part about the authenticators (passwords, in this case) having been hashed and salted, so not compromised, even though other data was. If a mobile phone were to be used as a piece of a 2FA solution those numbers would be similarly protected. In other words your concern, while not entirely baseless, is misplaced. I'm constantly surprised at the ways in which people misunderstand the fundamentals of encryption and its correct implementation. As usual, xkcd has a great example:Password Strength http://imgs.xkcd.com/comics/password_strength.pngJust wanted to say that I saw that comic ages ago, but I still haven't been able to forget that password! Link to comment Share on other sites More sharing options...
rt7998 Posted February 3, 2016 Share Posted February 3, 2016 (edited) In response to post #33296525. #34080460 is also a reply to the same post. Reveal hidden contents Quote Thandal wrote: On 1/14/2016 at 9:44 PM, Bugnexus7 said: Regarding Two-factor Authentication:<snip>It also gives Nexus access to my phone number, something I am NOT comfortable with. Freely handing out data to prevent the theft of said data is illogical. Requiring users to use a device they may not own is illogical. Linking yet more data to a database that has already been hacked is illogical.All that being said, mandatory Two-Factor Authentication would be the end of my using the Nexus website.My two-cents. Guess you missed the part about the authenticators (passwords, in this case) having been hashed and salted, so not compromised, even though other data was. If a mobile phone were to be used as a piece of a 2FA solution those numbers would be similarly protected. In other words your concern, while not entirely baseless, is misplaced. I'm constantly surprised at the ways in which people misunderstand the fundamentals of encryption and its correct implementation. As usual, xkcd has a great example:Password Strength http://imgs.xkcd.com/comics/password_strength.png Quote NouvelleVoix wrote: Just wanted to say that I saw that comic ages ago, but I still haven't been able to forget that password!unfortunately, there are now thousands of people out there whose password is exactly "correcthorsebatterystaple"....because they read that it's hard to guess! Edited February 3, 2016 by rt7998 Link to comment Share on other sites More sharing options...
Thandal Posted February 3, 2016 Share Posted February 3, 2016 On 2/3/2016 at 6:13 AM, rt7998 said: unfortunately, there are now thousands of people out there whose password is exactly "correcthorsebatterystaple"....because they read that it's hard to guess! Social Darwinism at work! :laugh: Link to comment Share on other sites More sharing options...
TerraKitsune Posted February 5, 2016 Share Posted February 5, 2016 (edited) My password is generated by password handler, so it's purely random with roughly 1e30 possible space. I'm not overly worried about someone cracking it from the hash. Well I /am/ a bit paranoid about privacy and data security, for a reason.. so of course I'm going to change it. =^.^= Actually scratch that, I joined after that date. Well I'll probably change it anyway. Heh. Stuff like this happens. It happens to smaller sites, and it happens to large companies. Of course it means security needs to be tightened, but it's not like it's the end of the world. Heck, it means nexus is popular enough for someone to go to the trouble of doing it in the first place. :P Edited February 5, 2016 by TerraKitsune Link to comment Share on other sites More sharing options...
Recommended Posts