Forced Password Resets

[Onigamibr]

I've been away from Nexus a bit and seems that I've lost my password too, and I think this account is connected to an old email which I don't use it anymore and don't have access to it anymore. How do I get my account back? Will I be forced to make a new account, cuz of this?

[Thandal]

@Onigamibr; Please submit a Support Ticket using the "Contact Us" link at the bottom of the page.

[GraVmaN]

I think its unlikely anyone will buy that list so they can high jack a user account to post in the forums or download some files. Its more likely the email addresses will be used to send spam to. Looks like I am among the affected as my account was made almost 6 years ago. As such, I have changed my password of course. :D

[nurmi90]

In response to post #41198720. #41223970, #41504730 are all replies on the same post.

bben46 wrote:

Ten years ago ( some of our accounts go back much further than that) a simple password for a site like Nexus was sufficient. After all, there was no money to be had for the effort and the worst you could do was use a hijacked account to troll the site. Then, the criminal scum discovered that many of the members were dumb enough to use the same password on other accounts where they could steal real money. Not many as the majority of the users on a game site were young enough that they didn't have credit cards. But those kiddies grew up and many still didn't change their simple easy to crack passwords. But now they had jobs, money, bank accounts and credit cards. Now cracking a password on Nexus still didn't get them any money directly, but it might get them access to other accounts where they could steal some money. And access to social media accounts where they could harvest a lot of personal info that scammers and spammers will pay for.

 

I have a very close friend who posted her telephone number on an open FB post to someone. She has been swamped with spam and scam phone calls on that number. As many as 7 and 8 a day. That phone number was likely harvested by a scraper that reads thousands of FB posts every second looking for data like phone numbers, email addresses, mailing addresses and any other valid personal information. The scraper then sold her verified phone number, along with hundreds of others for about 5 cents per number, That doesn't sound like much, but they likely sold her number in a package that included around 10,000 already verified good numbers making them $500 from each of a dozen or so scammers making their total haul around $6 to 7k

 

Change your password if you haven't already - AND do not post private info on any public forum.

Gharuk wrote: > there was no money to be had for the effort

I think a significant danger is the use of hijacked mods to distribute malware (ie: to grow botnets). If I were a nexus coder, I'd build some kind of tripwire into the nexus that would be set on any account that had more than N downloads a day on it and post an email to moderators to check out uploads if they came from IP addresses that the account owner had never uploaded a mod from before, or something like that.

Roccondil wrote: that or at least if an account has been inactive and then suddenly re-uploads/updates an old mod that hasn't been touched in years it should be flagged.

Haven't thought before somebody using ad tactics for stolen info. Curious puzzle.

Ten years ago my WoW & Curse login were same so can't help recalling, so obviously one day my dear Tauren Shaman got cleaned up and back then it clicked for me that we are going to see so much trouble from people using same logins. I figured to just tier accounts so its easy to manage and pointless to have my forum account, plus if "C" tier game login gets stolen then I know to change them all. Simple password doesnt matter because no body is going to really crack password and its you who is making the mistakes.

Very likely that most Nexus logins work everywhere and can be sold separately from game to game, then finally it ends up being Twitter bot.

PS: I think that my same old forum account have been stolen from every single forum I have put it into and its like my very own cancer-pet. Then its also amusing to think site admin seasonally just selling the whole list like its some ad revenue. :D :D

Short version: You only need one cancer-pet.

[gta0gagan]

how to check when our account got created

[ragnaroklucifer]

In response to post #41198720. #41223970, #41504730, #42302635 are all replies on the same post.

bben46 wrote:

Ten years ago ( some of our accounts go back much further than that) a simple password for a site like Nexus was sufficient. After all, there was no money to be had for the effort and the worst you could do was use a hijacked account to troll the site. Then, the criminal scum discovered that many of the members were dumb enough to use the same password on other accounts where they could steal real money. Not many as the majority of the users on a game site were young enough that they didn't have credit cards. But those kiddies grew up and many still didn't change their simple easy to crack passwords. But now they had jobs, money, bank accounts and credit cards. Now cracking a password on Nexus still didn't get them any money directly, but it might get them access to other accounts where they could steal some money. And access to social media accounts where they could harvest a lot of personal info that scammers and spammers will pay for.

 

I have a very close friend who posted her telephone number on an open FB post to someone. She has been swamped with spam and scam phone calls on that number. As many as 7 and 8 a day. That phone number was likely harvested by a scraper that reads thousands of FB posts every second looking for data like phone numbers, email addresses, mailing addresses and any other valid personal information. The scraper then sold her verified phone number, along with hundreds of others for about 5 cents per number, That doesn't sound like much, but they likely sold her number in a package that included around 10,000 already verified good numbers making them $500 from each of a dozen or so scammers making their total haul around $6 to 7k

 

Change your password if you haven't already - AND do not post private info on any public forum.

Gharuk wrote: > there was no money to be had for the effort

I think a significant danger is the use of hijacked mods to distribute malware (ie: to grow botnets). If I were a nexus coder, I'd build some kind of tripwire into the nexus that would be set on any account that had more than N downloads a day on it and post an email to moderators to check out uploads if they came from IP addresses that the account owner had never uploaded a mod from before, or something like that.

Roccondil wrote: that or at least if an account has been inactive and then suddenly re-uploads/updates an old mod that hasn't been touched in years it should be flagged.

nurmi90 wrote: Haven't thought before somebody using ad tactics for stolen info. Curious puzzle.

Ten years ago my WoW & Curse login were same so can't help recalling, so obviously one day my dear Tauren Shaman got cleaned up and back then it clicked for me that we are going to see so much trouble from people using same logins. I figured to just tier accounts so its easy to manage and pointless to have my forum account, plus if "C" tier game login gets stolen then I know to change them all. Simple password doesnt matter because no body is going to really crack password and its you who is making the mistakes.

Very likely that most Nexus logins work everywhere and can be sold separately from game to game, then finally it ends up being Twitter bot.

PS: I think that my same old forum account have been stolen from every single forum I have put it into and its like my very own cancer-pet. Then its also amusing to think site admin seasonally just selling the whole list like its some ad revenue. :D :D

Short version: You only need one cancer-pet.

" Then, the criminal scum discovered that many of the members were dumb enough to use the same password on other accounts where they could steal real money." So my friend's banned account's password stolen from nexus could be used to logged in to his other accounts on other sites? Why not scrub the passwords of banned accounts? They can't log in anyway...

[Trafalgard]

In response to post #41198720. #41223970, #41504730, #42302635, #42631155 are all replies on the same post.

bben46 wrote:

Ten years ago ( some of our accounts go back much further than that) a simple password for a site like Nexus was sufficient. After all, there was no money to be had for the effort and the worst you could do was use a hijacked account to troll the site. Then, the criminal scum discovered that many of the members were dumb enough to use the same password on other accounts where they could steal real money. Not many as the majority of the users on a game site were young enough that they didn't have credit cards. But those kiddies grew up and many still didn't change their simple easy to crack passwords. But now they had jobs, money, bank accounts and credit cards. Now cracking a password on Nexus still didn't get them any money directly, but it might get them access to other accounts where they could steal some money. And access to social media accounts where they could harvest a lot of personal info that scammers and spammers will pay for.

 

I have a very close friend who posted her telephone number on an open FB post to someone. She has been swamped with spam and scam phone calls on that number. As many as 7 and 8 a day. That phone number was likely harvested by a scraper that reads thousands of FB posts every second looking for data like phone numbers, email addresses, mailing addresses and any other valid personal information. The scraper then sold her verified phone number, along with hundreds of others for about 5 cents per number, That doesn't sound like much, but they likely sold her number in a package that included around 10,000 already verified good numbers making them $500 from each of a dozen or so scammers making their total haul around $6 to 7k

 

Change your password if you haven't already - AND do not post private info on any public forum.

Gharuk wrote: > there was no money to be had for the effort

I think a significant danger is the use of hijacked mods to distribute malware (ie: to grow botnets). If I were a nexus coder, I'd build some kind of tripwire into the nexus that would be set on any account that had more than N downloads a day on it and post an email to moderators to check out uploads if they came from IP addresses that the account owner had never uploaded a mod from before, or something like that.

Roccondil wrote: that or at least if an account has been inactive and then suddenly re-uploads/updates an old mod that hasn't been touched in years it should be flagged.

nurmi90 wrote: Haven't thought before somebody using ad tactics for stolen info. Curious puzzle.

Ten years ago my WoW & Curse login were same so can't help recalling, so obviously one day my dear Tauren Shaman got cleaned up and back then it clicked for me that we are going to see so much trouble from people using same logins. I figured to just tier accounts so its easy to manage and pointless to have my forum account, plus if "C" tier game login gets stolen then I know to change them all. Simple password doesnt matter because no body is going to really crack password and its you who is making the mistakes.

Very likely that most Nexus logins work everywhere and can be sold separately from game to game, then finally it ends up being Twitter bot.

PS: I think that my same old forum account have been stolen from every single forum I have put it into and its like my very own cancer-pet. Then its also amusing to think site admin seasonally just selling the whole list like its some ad revenue. :D :D

Short version: You only need one cancer-pet.

ragnaroklucifer wrote: " Then, the criminal scum discovered that many of the members were dumb enough to use the same password on other accounts where they could steal real money." So my friend's banned account's password stolen from nexus could be used to logged in to his other accounts on other sites? Why not scrub the passwords of banned accounts? They can't log in anyway...

> So my friend's banned account's password stolen from nexus could be used to logged in to his other accounts on other sites? Why not scrub the passwords of banned accounts? They can't log in anyway...

Why doesn't your friend change his other passwords, lol? It's not like changing his nexus password will stop anyone who already has it from trying it for his other accounts on other sites.

[Deleted1076479User]

Yeah well i got hacked, look at haveibeenpwned.com and my s#*! was up for sale in the deep web from a breach of this site. You f*#@ers downplay these breaches to save your own asses, yet you want me to donate cash to you to run the site but my s#*! gets stolen under your noses. Thank Jesus i never gave you any info into my pay pal or credit cards. Get your s#*! together. You find a f*#@ing breach a year later?! Do you even check your f*#@ing logs on a weekly bases? Daily?

[PositiveGamer101]

I wish there was a way I could help but dont bother asking me to donate because after what happen I dont think putting real info is going to help...no offense

[PositiveGamer101]

In response to post #42022505.

GraVmaN wrote: I think its unlikely anyone will buy that list so they can high jack a user account to post in the forums or download some files. Its more likely the email addresses will be used to send spam to. Looks like I am among the affected as my account was made almost 6 years ago. As such, I have changed my password of course. :D

XD you also have to remember some of these accounts could have real information...critical information like a credit card or such