Database Breach - An Update

[Alrun]

In response to post #32520840.

gimmilfactory wrote: lolol I deff have been on here since '09; and with the same password....Just changed it ^_^

Exactly the same with me! Nevertheless I never had problems, but of course changing passwords now and then is wise. Not to do it is my own fault.

[bben46]

@StewartDean -- I'm hearing you - we have over 10 MILLION members here and you seem to be one of the very few having this problem - Maybe everyone else is wrong about this being a Nexus problem and you are the only one that is right?

 

If your computer cannot install a Windows update - that is not a Nexus problem - FIX that first. If you cannot, take it to a professional who can. Until you get that problem fixed you are doing nothing but chasing your tail.

[StuartDean]

I'm not complaining to you about my inability to install windows updates, I was trying to help alert you to potential malicious code in your sites, you don't have to be such a jerk about it though. Never mind, I don't give a toss anymore. Go ahead and have potential malicious code in your sites, it's not my problem anymore, I've done all I can to alert you about it and you're ignoring me so I'm out, and won't be following this topic anmore :P

[Purr4me]

the bug problem is effecting IE only. The "bombardment" issue for one user at least has been solved..thought the last post, I seem to have been too late.

any way...to solve the issue, use the latest version of fire fox here...that stops the issue cold.

 

kitty

[Tefle Huden]

Perhaps I did not see it when I read it, but does this affect Premium Members and our account information for what we've donated? I know at one point I donated quite a bit to Nexus. I'm just checking to ensure that has not been compromised in this breach, as I would need to notify my financial institutions.

 

You may message me privately with an answer if you wish. Thank you Nexus Staff.

[MotoSxorpio]

The data breach was 3 years ago. :rolleyes:

The recent kerfluie was that someone who got a copy of the old data was able to finally crack several passwords of people who had not changed their passwords since way back then and try to get control of their Nexus accounts. The passwords that were cracked were simple. ( short, minimum number of characters or common words) If you were not a member 3 years ago you are not affected at all. If you have changed your password since then you are not affected at all. If you use a reasonably complex password (more than the minimum number of characters, not a common word or one of the list of common passwords) you were not affected But still change your password anyway. :yes:

 

The reason they want your password is they hope you are dumb enough to use the same password on some other site where you might have something worth stealing. Nexus has none of your personal info in our database. The only thing we have is an alias (user name) and email account - and every site you ever visit has that. If you want to see a site that has a lot of your personal info look no furthur than FaceBook. They require your real name and a lot of other personally identifiable info that we really have no interest in. If you buy anything from Nexus - instead of us keeping any financial info you are sent to PayPal where the transaction is actually done. That way we don't have any financial info here that can be stolen at all. We not only don't have any personal or financial info - we don't want it because we don't need it for what we do.

 

Viruses DO NOT work by spending 3 years to crack a few passwords in a random database just to redirect you to some other site where they get less than a tenth of a cent per look. They use bogus emails or advertisements to get you to download their virus. Then, if you do download the virus, they use it for various things - like searching your computer for financial information, they harvest your contacts and send them an email from you with the virus, use your computer as part of a zombie net to send DDOS attacks. Or blackmail you by encrypting your data and charging you a fee to get it back. They are really not interested in what mods you downloaded or what you said on a game forum. :whistling:

 

Redirects are typically from stuff YOU downloaded and allowed to install - One of the hardest to get rid of is Conduit - it is not considered a virus or malware by some AV because you must allow it yourself. Then it hides and redirects searches through it's own servers just to collect the advertising revenue. It uses several tricks to hide and come back when you scan. I have had the best luck using JRT to get rid of it. There are several others nearly as bad, such as the ASK toolbar that will be installed if you use ASK. :pinch: MOST AV programs will not actually remove these. Because you had to agree to install them - usually in the small print buried 4 pages down in an end user agreement for some FREE program you downloaded.

 

Have you ever installed anything from Yazzle? (They use several other names as well.) Included with EVERYTHING downloaded from them - games, ring tones, screen savers, utility programs, IM programs and other FREE STUFF!!!! - you agree to install their own advertising software - that will occasionally pop up (or pop under) an advertisement based on your internet activities - meaning that if you are visiting a game site (such as Nexus) you might see an advertisement. YOU gave them permission to advertise to you. :wallbash: This is NOT malware. This is how they pay for those free games. And because you agreed it cannot be classed as malware.

 

@Stewart, Did you do any of what I suggested already? If not stand down until you have.

Download and run the FREE Linux based rescue disk I recommended. This finds viruses that can hide from windows based scanners

Run the FREE JRT. This will get rid of things like conduit that can hide from a lot of AV programs.

Run the FREE malwarebytes. This is what the geeks use to clean out viruses.

Reboot and run a registry cleaner I prefer Ccleaner, but nearly any will do ( rebooting before and after cleaning the registry is important)

If you find a infected Windows system file you may have to format and reinstall using a known good copy of Windows (NOT some random copy from a sleazy torrent)

Restoring files after a reinstall can possibly reinstall the malware as well depending on how well it hides itself. :mad:

There are other programs that other people will recommend - these are the ones I currently use.

I have only been working on computers for the last 40 years. I may have learned something about removing malware in that time. :tongue:

You made me look up "kerfluie". :ermm:

[Zugmaster]

Could it be possible to get some information about that questionable dsound.dll file? I personally was lucky enough to not download it, but one of my friends did download it and run Fallout 4 with that file in .exe directory. It would be extremely helpful to know if it actually did something harmful and if there is need to do cleanup (beyond the usual AV scans) or clean install OS because of it.

[Usseryl]

Less than two days ago, I purchased a lifetime membership and the same day illegal use of my CC occurred in another state, forcing me to cancel my credit card. The fraudulent charge was made electronically at a Krogers in Texas. This was the only on line purchase I had made in several days. Maybe its totally unrelated but you will have to pardon me if I am skeptical.

[bben46]

We don't have your credit card number in our database because we don't process credit cards here. And if you could read you would have seen that the breach in question was 3 years ago. And was patched 3 years ago with a minimum of fuss and bother. So something that happened 2 days ago, or 2 years ago would not even be a part of the data that was leaked before you were even a member.

 

A data base breach means someone was able to download a part of a data base (probably not even all of it) - that does not mean they could read it. The data is encrypted salted and hashed (look it up) and can take a long time for a hacker to be able to unencrypt any passwords, and then they don't get all but just a few at a time, those that are simple and short. Longer complex passwords that don't use dictionary words take much longer to crack ( years) - then what do they get from our database? No financial info at all. No real name, no home address, no telephone number, they do get whatever age you claimed if you included that, and maybe sex if you didn't lie, (Honest, we don't check to see if you lied about your sex here) they do get a email, but that is not exactly a secret is it? About the only info useful to a hacker is being able to match a cracked password with an email. They can then try that email/password combination on other sites to see if it works - That is why we say do not use the same password for any other sites. IF you were dumb enough to use the same password and email to deal with your bank - they now own your banking info and can clean you out. However - IF you didn't use the same password, they get - nothing. And IF you change your password from time to time they get - nothing.

 

A breach at Nexus is not nearly as serious as some site like FaceBook. What personal info did you give FB? they require your real name and some other personal info just to sign up.

 

And if you do like I do and use a separate email for game stuff, and another separate email for EACH financial account with an entirely different password they don't even get that. And I lie a lot on the security questions ( Q: What is your favorite color? A: Tuesday)

[xander2077]

In response to post #32618190.

Usseryl wrote: Less than two days ago, I purchased a lifetime membership and the same day illegal use of my CC occurred in another state, forcing me to cancel my credit card. The fraudulent charge was made electronically at a Krogers in Texas. This was the only on line purchase I had made in several days. Maybe its totally unrelated but you will have to pardon me if I am skeptical.

an associate of mine had the same issue and swore it was because of a website he purchased from, but these days almost every online purchase is pretty damned secure, so that was not the case and it was probably not the case here either. what we found out (and is most likely the case in your instance) is that when you purchase at a gas station you dont normally frequent or a convenience store (as he did with the same card) it is not uncommon for unscrupulous employees of these gas stations or convenience stores to rig a card reader of some sort in tandem with the official store reader and siphon the information off of your purchase to spoof purchases elsewhere. once they did this, they were able to order dominoes pizza in several different states and some other items in the space of a few hours, so most likely they passed the card info out to their buddies once they found out how much the account on the card had in it. the danger of them being able to snatch the card info in this way is usually most cc swipe purchases at gas stations dont need the security of online purchases, like address match or your pin. and they already have everything they need to make a purchase right there, all they have to do is plug that info in anywhere they want. so if you are worried about cc info leaking, then dont use the same one for online purchases as you do for other things. what i do is instead of using a major credit or debit card for purchases, i use prepaid cards, that way there is only going to be what i put on it, and it doesn’t tie into any bank accounts. sure some vendors online might fuss over a prepaid card, but if they dont like it, there is usually another vendor that can get you the same product and will accept your prepaid no problem. i have only seen one vendor reject my card because it was prepaid and they no longer get my business. anyone else treats it like just another cc.