It’s the most wonderful time of the year (the time when you need to change your passwords because another site was hacked).
Hackers have breached NexusMods, one of the biggest sites for customizing and tweaking video games with fan-made modifications. The people who run the Nexus have confirmed in a blog post that stolen information does include usernames, email addresses, and passwords for a segment of its registered members. This is bad news for a site that requires the trust of its users. Nexus is all about downloading community-created files, which are inherently dangerous since it’s difficult to tell if they include malicious software. And while game companies like Sony and Ubisoft have suffered similar attacks, this is the first time a modding community has had to deal with something like this.
In a post on NexusMods, site administrator Robin “Dark0ne” Scott said that he believes the attack is now contained. He also addressed concerns about stolen passwords by noting that the breached data was not up-to-date.
“The [stolen] database dump is old, with the last member in the database having registered on July 22, 2013,” Scott wrote. “If you’re one of the 4.2 million users who registered on NexusMods after this date, your details are not included in this database dump and are therefore considered ‘safe.'”
Scott did reiterate that the stolen data contains user IDs, usernames, and email addresses, and passwords. But it also contained random junk data (called hashes and salts) that can confuse any brute-force attempts to understand those passwords.
“It does not contain cracked passwords,” he continued. “[That means] anyone with access to the dump would need to attempt to crack the hashes and salts themselves in order to get any sort of use out of them on the site.”
With all of that in mind, you should probably still change your password if you use your NexusMods login information on any other sites.
In response to this attack, the team responsible for Nexus says it is going to put aside some of its user-facing work to focus on security.
“In the short-term, we’ve already begun work on more verbose logging of user actions on the site,” wrote Scott. “Especially in regards to logging the IP addresses you login with and use when performing major actions, such as uploading or removing files to the database. This should allow us to more easily analyze and spot suspicious activity on the site when it occurs.”