Nexus reports database breach

Post by Skuggasveinn »

Just going to put this here in case people miss this on the Nexus page.
http://www.nexusmods.com/games/news/12670/?

So in case you used your Nexus password somewhere else, please take the appropriate action.
Also, like it states in the post on Nexus, some mods (Fallout 4) have been changed to include DLLs that are potentially malicious, so please take care that you are only downloading dat files for Grimrock, and if they are zipped take extra care that they are not executable zipped etc.

best regards.
Skuggasveinn.

(duplicated from the LoG 2 modding forum in order to reach as many modders as possible)
Link to all my LoG 2 assets on Nexus.
Link to all my LoG 1 assets on Nexus.
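
One way to carry out the check described in the post above before unpacking a zipped mod, as an added example that is not part of the original thread. The extension lists, the function names and the sample archive are assumptions constructed for illustration; only the ".dat" expectation and the "dsound.dll" filename come from the thread.

```python
import io
import os
import zipfile

# Assumption: extensions treated as executable content for this check.
EXECUTABLE_EXTS = {".dll", ".exe", ".scr", ".com", ".bat", ".cmd",
                   ".ps1", ".vbs", ".js", ".msi"}
# From the post: a Grimrock mod download should contain only .dat files.
ALLOWED_EXTS = {".dat"}


def audit_mod_archive(data):
    """Return [(member, reason)] for every member that should not be in a mod zip.

    Nothing is extracted to disk; only the first two bytes of each member are read.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":
                # Windows executables and DLLs start with "MZ" whatever the name says.
                findings.append((info.filename, "PE header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif ext not in ALLOWED_EXTS:
                findings.append((info.filename, "unexpected file type"))
    return findings


def build_sample():
    """Constructed sample archive: one clean .dat plus three members that must be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dungeon.dat", b"constructed mod data")
        zf.writestr("dsound.dll", b"MZ\x90\x00constructed stub")
        zf.writestr("extra.dat", b"MZ\x90\x00renamed stub")  # DLL renamed to .dat
        zf.writestr("install.bat", b"echo constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_mod_archive(build_sample()):
        print(f"{name}: {reason}")
```

The header check matters because a renamed DLL passes an extension-only filter; a clean archive returns an empty list.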

Re: Nexus reports database breach

Post by Halluinoid »

I promised I'd update you all on the possibility of a database breach on Nexus Mods that I announced yesterday morning and I am here with relatively "good" news.

I am now in possession of the database dump, that was first reported on Reddit, via university security networks, and I can confirm several things. First, the database dump is "old", with the last member in the database having registered on July 22nd 2013. If you're one of the 4.2 million users who registered on Nexus Mods after this date, your details are not included in this database dump and are therefore considered "safe". Second, the database dump isn't a complete database rip. The dump contains user IDs, usernames, email addresses, hashes and salts, and that's it. It does not contain cracked passwords i.e. anyone with access to the dump would need to attempt to crack the hashes and salts themselves in order to get any sort of use out of them on the site.

From this we can conclude a further two things. Firstly, that it's relatively safe to assume that whoever made this dump no longer has access to our database. Why? Because if they did, they'd have released a much more up-to-date dump of our member database. It would make sense they no longer have any access, considering we've patched up a lot of holes, applied countless security updates and switched to a far more secure database cluster system since July of 2013.

Second, if you've updated your password since July 2013, your account on the Nexus sites should be safe and secure, as they will not have your new hashes/salts/password information. If you have not updated your password recently, please do so now as I am now personally confident that there have been no recent breaches of our network or databases. Similarly, if you still use the password you were using in July 2013, or before that date, on any other sites or services you should update them immediately.

I would like to thank the HPE Security Research team who have personally helped me with this investigation and who securely provided me with the database dump as part of this investigation. Their help has been invaluable.

My previous news post also mentioned three compromised mod author accounts that had uploaded a suspicious file in place of legitimate mods on the site. I have been in contact with one of the owners of the compromised accounts personally, along with another individual who I know was compromised recently, and both were using extremely simple passwords. Passwords that would take a simple cracker mere seconds to crack. This helps to confirm that whoever is using this information is going for high-profile, but extremely easy accounts to crack.

To my knowledge, we have not seen any further suspicious activity in the file database at this time.

The malicious file that was uploaded, "dsound.dll", has been sent away to the malware research team at HPE Security Research to find out what it does and, hopefully, spread the word so it can be flagged by anti-virus software appropriately. Once again, a big thank you to the HPE Security Research team. They've provided an excellent service

that was published 7 DEC 2015 and nothing since - unless YOU know more?