In 2014, a Nexus Mods’ staff account was compromised and the attacker removed popular mods and replaced them with malware-infested versions. It’s not the first time the site has suffered security issues as Scott referenced one database breach from several years ago. Those three Fallout 4 mods were “BetterBuild (downloads from 29th November), Higher Settlement Budget (downloads from 5th December), and Rename Dogmeat (downloads from 4th December).” dll file, “ dsound.dll,” and the modders said they hadn’t made the changes. Scott initially said the potential breach details were “too ambiguous to draw any concrete conclusions,” but ironically it was the tampering of three Fallout 4 files that made him “suspicious.” The Fallout 4 files had changes to a. Not even a month ago, Nexus Mods proudly announced that due to the release of Fallout 4 it had over 10 million registered members. Scott said Nexus Mods intends to get its entire network – not just Premium Member payment pages – served via an encrypted SSL connection and it will start supporting two-factor authentication. At the time of the compromise, the Nexus password policy did not include a required number or special character, and a password could contain only three characters. Not all hashed and salted passwords are equally secure and some methods are easier to crack. Although he said all passwords stored the database were “hashed and salted,” he provided no additional details. Nexus founder Robin Scott, aka DarkOne, recommended for users to change their passwords in the first announcement about the breach. Another Redditor received an email from EA/Origin asking if a password reset had been requested yet another reported someone had attempted to access his Humble Bundle and Blizzard accounts. does not do any password complexity enforcement other than it is between 3 and 32 characters,” wrote REN-ISAC before adding that the emails and passwords “ are out on the Internet in criminal circles.”Īlthough other gamers took to Reddit to confirm receiving an email from Ohio State University about the Nexus breach, other users from other universities said they had also received breach notifications.Īfter the Nexus Mod breach PSA, one Reddit user claimed his PSN account was compromised, with the attacker changing the password as it was the same password used on Nexus. It will not be possible to determine if associated passwords meet your local complexity requirements. The ONLY information being made available is the account names. The trusted party is not able to share associated passwords, hashes, or other information because of PII concerns of their attorneys.
0 kommentar(er)
