JimmyRJump
Posted December 19, 2019

In response to post #75806633. #75806923, #75807088, #75807518 are all replies on the same post.

JimmyRJump wrote: 8 November? It's 19 December today. Why the delay in communicating? It's a bit late now. If ever there was malicious intent to make use of grabbed personal info then the potential damage will already have occurred in most cases...

BigBizkit wrote: As our immediate response we wanted to make sure the exploit is dealt with as quickly as possible, the new user service alleviating the issue is on its way - which required us to focus on testing a lot, and, lastly, we needed to assess the situation in its entirety before making rash decisions, especially considering EU regulations.
As an EU registered company we are required by law to perform certain tasks and we had to be sure that we were doing everything correctly, in the correct sequence.
If it was the intention of the actor to take user data, which we do not know, and then attempt to use any data maliciously, which we also do not know for sure, then the process of decrypting strong passwords isn't trivial and so it's unlikely anything would happen immediately.

JimmyRJump wrote: Sure BigBizkit. I totally understand and agree. But if Nexus was a bank, you can bet your lilywhites I'd be on the phone with my lawyers. Presuming I have those.

tgstyle24 wrote: I am an EU member and I know our law a little bit... Nexus did nothing wrong in the eye of the law (as long as they reported the data security lack to the DPA within 72 hours). They are not forced to inform their users unless it's absolutely clear that there is a high risk for the personal rights of the affected.... but... it would have been a nice move to make a quick post as information for all that sth happened... that it's not clear what exactly... but that they recommend to change the passwords in any case...
I always say "better safe than sorry" ;)

@tgstyle24: I'm from Belgium and know quite a bit about legal matters and laws, both local and international. My comment wasn't insinuating anything unlawful had happened on Nexus' part. But since when do lawyers need broken laws to sue yer arse? :P

Edited December 19, 2019 by JimmyRJump

CrEaToXx
Posted December 19, 2019

So that's what all the recent fuss was about? I figured the whole website was acting completely weird the last couple of weeks. It would continuously send me back to my profile section whenever I log back in. 2FA is used from the day you've enabled it. I guess that's just the side effect, if you want your website to grow. Just make sure this is not happening even more frequently, because that's the actual feeling I get. Insecurities seem to happen more and more often. You're still my favourite website. Just make sure you grant the security us users deserve...:)

DRAGONJOE69
Posted December 19, 2019

In response to post #75808388.

fredlaus wrote: According to https://haveibeenpwned.com/ I have not been pwned.
I reckon solid measures have been taken.

I wasn't so lucky, my email has been hit twice, once on this site in Dec 2015?? and again in 2017 on some exposed spam site. Thank god I don't have any critical info stored here.

Acacophony
Posted December 19, 2019

In response to post #75806633. #75806923, #75807088, #75807518, #75809163 are all replies on the same post.

JimmyRJump wrote: 8 November? It's 19 December today. Why the delay in communicating? It's a bit late now. If ever there was malicious intent to make use of grabbed personal info then the potential damage will already have occurred in most cases...

BigBizkit wrote: As our immediate response we wanted to make sure the exploit is dealt with as quickly as possible, the new user service alleviating the issue is on its way - which required us to focus on testing a lot, and, lastly, we needed to assess the situation in its entirety before making rash decisions, especially considering EU regulations.
As an EU registered company we are required by law to perform certain tasks and we had to be sure that we were doing everything correctly, in the correct sequence.
If it was the intention of the actor to take user data, which we do not know, and then attempt to use any data maliciously, which we also do not know for sure, then the process of decrypting strong passwords isn't trivial and so it's unlikely anything would happen immediately.

JimmyRJump wrote: Sure BigBizkit. I totally understand and agree. But if Nexus was a bank, you can bet your lilywhites I'd be on the phone with my lawyers. Presuming I have those.

tgstyle24 wrote: I am an EU member and I know our law a little bit... Nexus did nothing wrong in the eye of the law (as long as they reported the data security lack to the DPA within 72 hours). They are not forced to inform their users unless it's absolutely clear that there is a high risk for the personal rights of the affected.... but... it would have been a nice move to make a quick post as information for all that sth happened... that it's not clear what exactly... but that they recommend to change the passwords in any case...
I always say "better safe than sorry" ;)

JimmyRJump wrote: @tgstyle24: I'm from Belgium and know quite a bit about legal matters and laws, both local and international. My comment wasn't insinuating anything unlawful had happened on Nexus' part. But since when do lawyers need broken laws to sue yer arse? :P

I understand that rationale and the importance of testing, but writing up a quick announcement and advisement for everyone to change their passwords would take a few minutes at most. I think everyone would have appreciated knowing sooner. Hopefully this won't happen again, but if it does, I'm sure all of us would appreciate knowing earlier next time. Keep up the good work on this site~

reptileye
Posted December 19, 2019

And people pay for premium here uh? lol

Tasaar
Posted December 19, 2019

In response to post #75808388. #75810073 is also a reply to the same post.

fredlaus wrote: According to https://haveibeenpwned.com/ I have not been pwned.
I reckon solid measures have been taken.

DRAGONJOE69 wrote: I wasn't so lucky, my email has been hit twice, once on this site in Dec 2015?? and again in 2017 on some exposed spam site. Thank god I don't have any critical info stored here.

You can sign up for notifications on Firefox Monitor. That way, if your email is added to haveibeenpwned.com, you're emailed about it.

SnowFox35
Posted December 19, 2019

So does this correspond to the issue of being redirected to virus sites only from Nexus (https://forums.nexusmods.com/index.php?/topic/8146998-cantelemblaccurrinfo/#entry74885408)?

Thaiauxn
Posted December 19, 2019

The fact that we're aware of it is the solution. It's the stuff we're unaware of that's dangerous. Whoever it is wants to target specific users and is probably a banned user who was a mod thief (or troll) who has beef with those users who reported them. No one is really to blame here. Malicious intents are hard to predict in a site this massive with so many users.

Edited December 19, 2019 by Thaiauxn

Gameslover
Posted December 19, 2019

In response to post #75810278.

reptileye wrote: And people pay for premium here uh? lol

this site is a disaster these days.....

EvilTwinz
Posted December 19, 2019

Thank you for alerting me and others to the issue that you stated. I appreciate that in spite of what others here have posted. I can only imagine the mega task that you all have trying to monitor and secure your site. I already updated my account password 30 days ago, but I added the Authy app to my iPhone and the 2FA today. Thank you, again, Nexus for alerting me and others! :- )
