If you have ever gone searching for game mods, then chances are, you have used Nexus Mods. Unfortunately, the popular mod site encountered a security flaw in November, which could have been used by malicious third-parties to access user details.
Information that could have been stolen includes user email addresses and password salts/hashes. Writing about the breach, Nexus Mods wrote that even though they were able to “secure the endpoint” as soon as the exploit was discovered, they “cannot rule out” that user data was accessed.
The situation has been rectified by the launch of a new User Service system on Nexus Mods. To ensure that your account can’t be touched by exploits in the old system, you are encouraged to log out of the website and log back in again so that your account transfers over.
As an added precautionary measure, you should also change your password on the off chance that the passwords can be accessed by a malicious third-party at a later date. Beyond that, Nexus Mods is also fulfilling its legal obligations by informing the UK’s Information Commissioner’s Office, in keeping with data protection laws.
You can find Nexus Mods’ full post on the matter, HERE.
KitGuru Says: From the sounds of it, a lot of this is precautionary and the risk to users seems relatively low. Still, it is always best to practise good security and change passwords and pay attention to warnings/disclosures like this.