Database Breach - An Update

[thyrith]

In response to post #31656620. #31658095, #31664070 are all replies on the same post.

  Reveal hidden contents

  Quote

Purr4me wrote:

Don't know if this matters, taking the advice is a good thing when needed.

But this ? kinda say's nah..

http://s26.postimg.org/98ookcxvt/2_billion.jpg

that's this sites PSW

 

all my other accounts use this one

http://s26.postimg.org/3yjpt2dmx/right.jpg

 

built to last.

 

kitty.

  Quote

Netsplite wrote: Only if you use the password for all of your other accounts and one of those sites gets hacked and they're stored in DB as plain text / md5 without salt you're still screwed.
Not the case for Nexus as they have proper hashing like mentioned in their last post as well but even on large sites you would be surprised how often this happens.

  Quote

Telmaron wrote: That amount of years is probably for trying to brute force your password, that doesn't need to happen with the use of things called word lists. People can use wordlists to crack passwords that are complex and it might take only hours or days.

I guess my new password is secure enough...
http://easycaptures.com/fs/uploaded/1042/1945960619.png Edited December 8, 2015 by thyrith

[Deleted1396482User]

Phew... Glad I joined a loooong time ago. :) Good job!! ^_^

[falloutboy65]

thanks for your hard work and keeping us apraised of the outcome.

 

Just one thing that made me cringe....

GOOGLE Authenticator? using tools from the biggest data collector for Security?

 

Sorry if that sounds paranoid (I am aware it does) but, yes, that makes me rather uneasy and feeling anything but more secure.

I hope at least I will not be forced to use this authentication method as I am avoiding anything connected to whole Google universe and will sure as hell not share my phone number or any other personal detail...

If there are alternatives I would be greatful if those could be at least considered.

 

cheers

[billanator]

I saw this on Steam, so I updated my password, even though I registered well after the July 2013 date. Thanks for the update.

[LHammonds]

Thanks for letting us know. I saw this in Steam on the "Recent News" for Fallout 4. I immediately dropped by and updated my password. Thankfully, I don't use the same password on each of the sites/services so even if my pwd is cracked, they get nothing. :-) I recommend using a password manager like KeePass to help make sure your passwords everywhere is unique but also be able to retrieve them if you forgot what they were.

 

EDIT: Just sorted all my uploads by date last updated. Nothing touched.

Edited December 8, 2015 by LHammonds

[Gangir]

Good post and update! Hopefully it was only these few modders accounts that was breached and not the entire site. Funny thing was that I have been a member since 2011 I think (skyrim) and just the day before the news hit I had registered as premium and thought ffs... Have also changed both email and password for this site now. Keep it up and don't lose your hope! We count on you to continue to be the greatest mod provider and community for many years to come!

[Deleted54170User]

dsounds.dll has several hits in the search engine. People think it has gone missing when it may be the core of their computers problems.

 

This morning, 12 hours after changing my password, and restarting my computer the sound card didn't play the start up music when booting up, nor the follow up music when it finished. I checked my sound card settings and the test was positive the card is working.

 

I searched and found the dll in Windows System32. Is this a false dll and is it causing the interference?

 

My system32 folder shows me that, that dll was created on 7/10/2015 5:00 AM.

 

All of the standard Windows 10 sounds, bleeps, ta da's, etc. are not working.

If I delete it will the software reset it too?

 

Typed CMD in the search and used Run with Administrators Permission the UAC pop up arose and that has been the only time music played since I posted this for, then I typed in the Command space, "SFC /SCANNOW"

 

All users of Windows OS may want to do that just to clean up old files and replace any files, including dsound.dll, that may have become corrupted.

 

For more information look at this link at Microsoft Help:

https://support.microsoft.com/en-us/kb/929833

Have a Great Day!

Edited December 8, 2015 by Pagafyr

[NeoH4x0r]

  On 12/8/2015 at 9:24 AM, Nexturn said:

Is it safe to say, that if you just downloaded the dsound.dll and didn't activate the mod where the file was coming from nor followed any ingame activation instructions, that the file wasn't executed (or used) at all?

When placing dlls in the game folder (ones that the game loads -- dsound.dll, xinput3_1.dll, d3d3.dll, etc, etc) will load as along as they are in the folder.

[NeoH4x0r]

  On 12/8/2015 at 10:47 AM, JaschMedia said:

May I recommend contacting https://haveibeenpwned.com/ about adding the emails from the dump to the list?

It is a service that allows you to see if your email has been in any data breach they know of.

 

I just checked my email and I got a hit...

Adobe: The big one. In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text.

-- I guess I could change that password as well -- 64 chars (and one should not enter a 'password hint')

 

@Dark0ne -- since both the database dump and the Above breach was from 2013. The abobe breach might be related to this (that user data might might -- at least -- intersect with nexusmods.com users data).

If that is the case, then, it's probably not a security issue/vulnerability with nexusmods.com -- just bad user practice for re-using the same username/password for more than one site (as well insecure, and easily guessable, passwords).

Edited December 8, 2015 by NeoH4x0r

[bithon]

Thanks for being so transparent about it, not many people would actually admit such a terrible thing. You're truly one of a kind. God bless.