jeffwareham Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31666000. Reveal hidden contents Quote Moksha8088 wrote: Should those users who joined Nexus before 7/22/2013 refrain from any further downloads from Nexus till you give the all-clear signal?No just change your password. Link to comment Share on other sites More sharing options...
xybedout Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31666000. #31672105 is also a reply to the same post. Reveal hidden contents Quote Moksha8088 wrote: Should those users who joined Nexus before 7/22/2013 refrain from any further downloads from Nexus till you give the all-clear signal? Quote jeffwareham wrote: No just change your password.Whether you joined before or after makes no difference to you downloading or not. Go change your password though, especially if you are uploading mods and have good rep.Being able to login with your account will allow the other party to upload bad mods under your name. That is the issue here. Though, like article mention, they would first have to actually figure out what your password is from the hashed data. If you did not know, the passwords are encoded into something that resembled random alphanumeric characters so it is not like the guys who got access can just see your password. Link to comment Share on other sites More sharing options...
Revolvist Posted December 8, 2015 Share Posted December 8, 2015 (edited) So, since you're taking control of the member database and login security, is there any chance you'll be adding a way to change our usernames? I know this is pretty unrelated, but I figured it might be a nice feature to implement now you're working on the handling of login details anyway. Edited December 8, 2015 by Revolvist Link to comment Share on other sites More sharing options...
Revolvist Posted December 8, 2015 Share Posted December 8, 2015 (edited) In response to post #31667815. Reveal hidden contents Quote TheTurtleOfDoom wrote: lol rip i registered 18th of july 2013. Does this mean someone has my password now and I need to change it asap?Yes it does. If you're using the same password on other sites, change it there as well. The more difficult your password is, meaning, the less likely you're to find it in a dictionary (and things like m0nkey count as well), the greater the chance that they haven't taken the time to crack it.Reading this though, it seems that even 10-character-long random passwords could've been cracked within a week if the attacker used some serious hardware. That is, if Nexus used standard SHA-512 hashes (whatever that means). If Nexus used PBKDF2 and the attacker a regular PC, it might take decades to crack a password, according to these guys. Edited December 8, 2015 by Revolvist Link to comment Share on other sites More sharing options...
LuciferIAm Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31660700. #31662030, #31663985, #31667970 are all replies on the same post. Reveal hidden contents Quote JaschMedia wrote: May I recommend contacting https://haveibeenpwned.com/ about adding the emails from the dump to the list?It is a service that allows you to see if your email has been in any data breach they know of. Quote Lokie7 wrote: Maybe a dumb question, but I presume any of us, "I", could go there and check it out? If so, Great info. Edit; I went to the site, as recommended, did a check and so far, I'm good. Thanks for the tip. BTW, I got my answer, ;) Quote Telmaron wrote: You don't make yourself more secure by sending your info to even more people. Do you know anything about the people that even run that site or how they secure data? Quote JaschMedia wrote: Troy Hunt, the guy running the site, is not an unkown person in the information security scene.https://mvp.microsoft.com/en-us/PublicProfile/4031649?fullName=troy%20huntThe site only askes for email/username, which is silly to worry about 'giving' out. Emails get scraped like nothin. Link to comment Share on other sites More sharing options...
BeardedPredator Posted December 8, 2015 Share Posted December 8, 2015 But Hey! Good job admins on keeping us - users posted and thank you for good reaction. Much appreciated. Link to comment Share on other sites More sharing options...
daud2 Posted December 8, 2015 Share Posted December 8, 2015 tq admin..we cont to support NEXUS Link to comment Share on other sites More sharing options...
Rooker75 Posted December 8, 2015 Share Posted December 8, 2015 In response to post #31660700. #31662030, #31663985, #31667970, #31673015 are all replies on the same post. Reveal hidden contents Quote JaschMedia wrote: May I recommend contacting https://haveibeenpwned.com/ about adding the emails from the dump to the list?It is a service that allows you to see if your email has been in any data breach they know of. Quote Lokie7 wrote: Maybe a dumb question, but I presume any of us, "I", could go there and check it out? If so, Great info. Edit; I went to the site, as recommended, did a check and so far, I'm good. Thanks for the tip. BTW, I got my answer, ;) Quote Telmaron wrote: You don't make yourself more secure by sending your info to even more people. Do you know anything about the people that even run that site or how they secure data? Quote JaschMedia wrote: Troy Hunt, the guy running the site, is not an unkown person in the information security scene.https://mvp.microsoft.com/en-us/PublicProfile/4031649?fullName=troy%20hunt Quote LuciferIAm wrote: The site only askes for email/username, which is silly to worry about 'giving' out. Emails get scraped like nothin. You make a good point, Telmaron, but that particular site and its operator are known, trusted quantities. Troy Hunt is definitely in the good guy column. Link to comment Share on other sites More sharing options...
PhaetonNZ Posted December 8, 2015 Share Posted December 8, 2015 Thanks for the quick update! Link to comment Share on other sites More sharing options...
Cyliran Posted December 8, 2015 Share Posted December 8, 2015 (edited) Thanks you all, great job. Edited December 8, 2015 by Cyliran Link to comment Share on other sites More sharing options...
Recommended Posts