Jump to content

Database Breach - An Update


Dark0ne

Recommended Posts

  • Replies 547
  • Created
  • Last Reply

Top Posters In This Topic

In response to post #31709715. #31714810 is also a reply to the same post.


slakmoh wrote: So what if people who have had their information taken don't see this post? Why did I have to hear about this on another site instead of receiving an email saying I should change my password??
Dark0ne wrote: Because sending an email to 10 million people would take us about 6-12 months, and have us flagged in every SPAM database on the planet. It's likely by the time the script got around to your email being sent, you wouldn't have even received it.


This is sadly the world we are living in. 3rd party SPAM filters, blocking mail, and you have to pay "ransom" to get them to clear you.

I know for a fact about a large ISP that was changing its IP address for its SMTP cluster, facing the other ISP in the world. The operation was well planned, all major SPAM filters was notified constantly for 6 months, in advance.
Guess what; They still blocked all emails to and from this ISP, and most of them still demanded payment for un-blocking. So millions of emails was delayed for days...

And in that light, we might need to map out what other channels can be used to broadcast information? Twitter, Facebook, <name your preferred service>
Make a info-plan B, and tell the users where to look for info, when the s#*&#33; really hits the fan.
Link to comment
Share on other sites

In response to post #31709715. #31714810, #31754025 are all replies on the same post.


slakmoh wrote: So what if people who have had their information taken don't see this post? Why did I have to hear about this on another site instead of receiving an email saying I should change my password??
Dark0ne wrote: Because sending an email to 10 million people would take us about 6-12 months, and have us flagged in every SPAM database on the planet. It's likely by the time the script got around to your email being sent, you wouldn't have even received it.
gyrofalcon wrote: This is sadly the world we are living in. 3rd party SPAM filters, blocking mail, and you have to pay "ransom" to get them to clear you.

I know for a fact about a large ISP that was changing its IP address for its SMTP cluster, facing the other ISP in the world. The operation was well planned, all major SPAM filters was notified constantly for 6 months, in advance.
Guess what; They still blocked all emails to and from this ISP, and most of them still demanded payment for un-blocking. So millions of emails was delayed for days...

And in that light, we might need to map out what other channels can be used to broadcast information? Twitter, Facebook, <name your preferred service>
Make a info-plan B, and tell the users where to look for info, when the s#*&#33; really hits the fan.


Nexus, taking care of the people....even ones like me who would bring the world to ruin somehow just trying to make a dog companion for skyrim Either way thanks for the update and good job.
Link to comment
Share on other sites

Well, this last update has just forbidden me from accessing the site using my normal browser, thus I have to use alternative browsers that mask my IP address, in order to be able to come here and comment. :P

 

Can you check this, Dark0ne?

 

My user name is Fyingsquirrel, and you can check for yourself that I have never done anything against the site in any way.

I'm as much a normal user as you can get, and have been downloading mods for the past couple of years.

 

Thanks, and hope this situation is sorted out.

Link to comment
Share on other sites

In response to post #31699195. #31709590, #31710865, #31717215, #31727420, #31727725, #31727755, #31735675, #31736475, #31737125, #31745975, #31747430 are all replies on the same post.


rickman wrote: If you are reading this Robin, know this: the community is supportive BECAUSE you share this stuff outright, clearly, and with incredible haste. If you treated us like Sony did in December of 2012, knowing the problem and denying it for two weeks or more, we'd probably be a lot less kind. There is also this to consider: You told us EXACTLY what, who, when, and how, as soon as you could, and in plain, simple terminology. I (and most likely about 10,000,000 others) appreciate a straightforward answer when there is an issue. But MOST IMPORTANTLY, you are kind and humble about it. If someone was mad at the employees of Nexus after your immaculate behavior, They are clearly not the kind of individual that we should be associated with as a user base. I personally love this site for a myriad of reasons, to explain it would take a ten+ page essay to enumerate all of the reasons why. To be clear though, the biggest reason, THE STAFF TREATS THE USER BASE LIKE PEOPLE. Despite there being 10,000,000 of us, we don't feel like faceless numbers. And that is because you seem to CARE. Don't stop doing that, and this awesome community will probably never devolve.

Thank you for being the best you can be.
Richard.
JZSquared wrote: ^This sums up my feelings exactly. I couldn't have said it better myself.
Lokie7 wrote: I second this, entirely. Well said.
Netsplite wrote: ^ +1
ZedLeppelin wrote: A wee bit verbose, (and I know verbose!), but rather well said and pretty damn accurate. The Nexus staff treats people like people, not numbers.
Inboundwhisper wrote: +1
Inboundwhisper wrote: +1
Aricole wrote: +1
lordmanticore wrote: +1
btgbullseye wrote: +1
xenonblade wrote: +1
AlexZander40 wrote: Well said. May the modding goodness continue.


Agreed. no matter who you are, and how much money you've got, you're going to get a breach at some point. At least you salted the passwords, and use a hashing algorithm..

More then I can say for my local Library's system. A breach in THAT database would be catastrophic (note, it sends you your old password via email, that should give you an idea of how terrible it is)
Link to comment
Share on other sites

In response to post #31737390. #31742135, #31743025, #31743530 are all replies on the same post.


deathdragon8547 wrote: "but right now we're leaning towards Google Authenticator that will allow you to generate secure codes from your smart phones)"

I don't have a cell phone, let alone a smart phone....
AndrewBlane wrote: A very good point. For a long time, niether did I (untill teh jobcentre told me that it was essential for getting a job)

I hate it when places do this.
DamianWayne wrote: Then you have bigger problems than worrying about your Nexus account. It's 2015, and even if you're a luddite, having a phone has become a social and workplace necessity. Maybe get on that.
Dark0ne wrote: 2FA is completely optional anyway.


more or less. I get howled at every time I leave the phone at home to charge....
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...