If you’ve got a Nexus Mods account and haven’t changed your password in a while, the mod’s site team recommends doing so soon. Nexus Mods reported this week that a security breach occurred in November which led to a third party accessing “a small number of user records” from the site’s old user service. The announcement and warning to Nexus Mods members says that the site can’t rule out the possibility that email addresses and passwords were accessed and therefore recommended users take precautions to protect their information.
Nexus Mods’ announcement regarding the issue said the security breach happened back on November 8th. The exploit was resolved as soon as it was discovered, the post said, and actions were taken to further tackle the problem.
Part of those actions involved bumping up the release of the new user service which is the upgraded version of the old service referenced above.
“We immediately worked to rectify the situation and, as part of the process, brought forward our release schedule for our long-planned new user service to ensure no other potential exploits on the old user service could be used to obtain user data,” Nexus Mods said in Thursday’s announcement. “This step we took is ensuring that the new passwords are not only better protected, but that any encrypted passwords that have - potentially - been obtained from the old user service are already out of date.”
As for the steps users can take in the wake of this issue, Nexus Mods recommended some of the usual actions suggested to users when it comes to password security and breaches like this one. Make sure you’re using the new user service, change your password, don’t share passwords across different sites, and consider using two-factor authentication if you aren’t already.
When asked why it took so long to tell the community about the security breach, a community manager responded in the comments to say the priority was to deal with the exploit and comply with EU regulations.
“As our immediate response we wanted to make sure the exploit is dealt with as quickly as possible, the new user service alleviating the issue is on its way - which required us to focus on testing a lot, and, lastly, we needed to assess the situation in its entirety before making rash decisions, especially considering EU regulations,” the community manager said.
The full post about the Nexus Mods security breach can be seen here.
Thanks, PC Gamer.