After examining the database dump, Nexus founder Robin Scott said it doesn’t contain any login details from later than July 22, 2013. Scott believes this is an “old” dump, and since that date, Nexus Mods has switched to a more secure database system. However, anyone who signed up for Nexus Mods prior to July 2013 and hasn’t changed their password since, or uses the same password elsewhere, should change those passwords now.
Scott first alerted users to the breach on Sunday, after a report emerged on Reddit, citing a firm that assists with security for several U.S. universities. Around this time, a few Fallout 4 mods were modified to include some suspicious .dll files, suggesting a compromise. (This file did not set off any virus scanners, and is still under investigation.)
It’s likely that those mod authors had accounts from prior to July 2013, making them susceptible to the old dump. And although the old dump used password encryption, extremely weak passwords (such as the ever-popular 123456) would still be easy to crack.
Scott said the whole ordeal “has given us a real kick up the backside,” and so the site is setting some feature work aside to focus on security. That includes better logging of user actions, an alert system for important security messages, a more secure account system, and support for two-factor authentication.
Why this matters: The mod community is in full swing with the recent launch of Fallout 4, and Nexus Mods is one of the most popular modding destinations outside of Valve’s Steam service. A database breach could have been devastating, but in this case it sounds like Nexus Mods dodged a bullet and learned some lessons along the way.