Popular game mods hosting site, Nexus Mods, reports there were was an old database dump over the weekend and that members who haven’t updated their passwords recently should do so now.
The saga began on a more cautious note, as can be seen in an earlier community post. In short, a security firm working for research and higher education communities emailed several IT departments regarding compromised credentials. Nexus contacted the firm to find out more but did not receive a reply, yet made the announcement anyway after noticing suspicious activity.
An update has since eased everyone’s tensions. The database turned out to be fairly old, last updated on July 2013, with the rip itself incomplete.
It does not contain cracked passwords i.e. anyone with access to the dump would need to attempt to crack the hashes and salts themselves in order to get any sort of use out of them on the site.
The danger here lies with users who have been using the same password since July 2013, and uses it for other websites as well. (You really should keep them updated and unique.)
Premium members need not worry about their payment credentials, as those are handled by Paypal.
Early internal investigations showed three mods — Higher Settlement Budget, Rename Dogmeat, and BetterBuild, all of which are for Fallout 4 — containing a file the authors knew nothing of. The update tells us that these compromised accounts used “extremely simple passwords” – ones that would take mere seconds to crack – and that the suspicious file has been sent to a malware team at HPE Security Research to follow-up on
This really is a perfect opportunity for malignant mods as Fallout 4 has, relatively speaking, only just released. Bethesda’s titles are renowned for their modding support, so much so that plenty already exist even though the official Creation Kit isn’t out yet. And just so nobody forgets, the Creation Kit will eventually allow certain PC mods to work on PlayStation 4 and Xbox One too.
Users need not worry, however, as Nexus Mods utilizes a stringent array of scans to test files before being publicly available. Things that slip through, as was the case with the three suspected mods, were likely new malware that have yet to be identified and flagged.
The situation has proved a timely reminder for all on the importance of security. Nexus Mods says that two-factor authentication has been on their to-do list given the site’s growing popularity – there were over 1.8 million downloads on November 28 alone – and that they’re now bumping it up the priority list.
But hey, don’t let this (seemingly benign) security breach get in the way of your post-war entertainment. Just change your passwords, keep them updated, and carry on building those settlements. Super Mutants aren’t going to wait on us smelly humans.