Nexus hacking

It is with both annoyance and regret that I have to announce that I discovered today that the Nexus sites had been compromised through a hole in the site's code. The compromise was serious, giving the script kiddy access to all the MySQL databases, including the database for the forums that contains user information such as your email address.

I have had reports today from people who have told me that "one-time" accounts used to sign up to the site have been receiving spam. It is my belief that the script kiddy decided he would place some of this site's members' email addresses, or all of them, on a spam list. Now spam for a large majority of you shouldn't be an issue considering the modern-day countermeasures against it, but the fact this data has been used at all is worrying enough and I apologise for that.

Please remember that you should not post anything about yourself on the internet that you do not want to be public domain. While you have a right to expect your information to remain safe and secure on this site, these situations do happen, from the smallest sites all the way up to the Googles and Microsofts of this world.

I am making every effort to try and plug any holes I find and once again make sure the site is secure. I would like to thank the people who emailed me earlier on in the day for not only informing me but also their calm attitude to the situation. Obviously this situation is very embarrassing for me and I'm making every effort to ensure this doesn't happen again.

The good news is that the script kiddy decided that he would not attempt to make too much of a hassle of himself; indeed he failed in his attempts to compromise the forum skins and seems to have given up since. More amusingly, the hacker made no attempt to mask his IP address from the access logs of the site, which means we've traced down exactly where he lives (due to his ISP having a static IP address) to his very front door. Indeed we also tracked his use to a Call of Duty forum he either owns or has admin access to (a Call of Duty script kiddy; that's about as cliché as it gets). This forum provides scripts and hacks for the games. We are currently considering our options, bearing in mind the person is probably a teenager using his mum's internet.

Once again I apologise for the inconvenience.

298 comments

A moderator has closed this comment topic for the time being
  1. Blake81
    Blake81
    • premium
    • 2 kudos
    So was this kid arrested then?


    If he was, we'll probably never know unless his mum sends some of the Admins here some sort of "I'm sorry for what my kid did and I already gave him a spanking" mail, lol.

    The NASDAQ stock exchange admits they have been hacked several times over the past year.


    I read the article and it doesn't surprise me, there are lots of Hack4Hires doing that kind of jobs out there. Even if all kinds of corporations shun the Hackers for our works they're always ready to hire a bunch-o-cybermercs to do their dirty job when they need to....
  2. bben46
    bben46
    • premium
    • 781 kudos
    Breaking news.
    The NASDAQ stock exchange admits they have been hacked several times over the past year.

    Link: http://blogs.wsj.com/marketbeat/2011/02/07/nasdaq-omx-yep-we-got-hacked/

    Kind of makes the stuff here sound silly doesn't it?
  3. Laurence9
    Laurence9
    • BANNED
    • 1 kudos
    So was this kid arrested then?
  4. vometia
    vometia
    • premium
    • 11 kudos

    Plus, it's incredibly easy to spoof the from line in standard email protocols to display anything you like. Most spammers use a deceptive From address, and, in cases like this, just assign random ones from the same list of addresses they're sending to.

    One has to dig into the message header to see the sender's actual info, and even then it can be obfuscated to the point of being useless. The IP hops are the only (semi-) reliable way to trace things.

    They do have a rather annoying habit of adding a bunch of fake received headers to either throw you off track or make the message look more legitimate than it actually is. I'm still amazed that internet mail hasn't been superseded by something better: it's years since I looked at its innards and thought that can't be right! when I realised how insecure it is (this was in the years BS: Before Spam! Little did I know...) But I suppose as long as the corporates keep trying to punt their own proprietary services as The Answer(tm) we'll be stuck with it...
  5. Blake81
    Blake81
    • premium
    • 2 kudos
    Yes, I saw your post right after you made it...and no, I'm not hacker-phobic. The others on staff do not seem to be either. hehehe.


    Glad to hear that, I hate those sites where you can't mention the word "Hacker" without a Moderator placing his B&Hammer on your head and telling you the "Be careful with what you say here" thing.

    Then the hacker posted the stolen data (NOT NEXUS data) on The best known pirate site.


    That's common Hacker behavior, seems like our little Darkie (I agree with Thandal, Hacker is a far too glorious title to be given to such careless script kiddie.) likes attention a lot. Whenever a Hacker succeeds in his craft, he is quite likely to brag of it and show proof of his deeds. "The worth of a hacker should only be judged by looking at his hacking" says the code (If ya ask me, this guy wasn't even worth the bandwidth he used); and because of it most of the Net's script kiddies are just teenagers with low self-worth that want all the attention they can get, and since they can't get it on the real world they resort to doing it on the Net, and hacking a bunch of well known sites, show proof of it and then brag and brag about how you bypassed their defenses surely draws a lot of attention.

    *Sigh* That's the way things are..... "They're all alike", as says in the Manifesto....
  6. Thandal
    Thandal
    • Moderator
    • 183 kudos
    Plus, it's incredibly easy to spoof the from line in standard email protocols to display anything you like. Most spammers use a deceptive From address, and, in cases like this, just assign random ones from the same list of addresses they're sending to.

    One has to dig into the message header to see the sender's actual info, and even then it can be obfuscated to the point of being useless. The IP hops are the only (semi-) reliable way to trace things.
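The comments above note that the From line and the lower Received headers are sender-controlled. The sketch below is an added example, not part of any comment: it walks the Received chain newest-first and stops at the last line written by the recipient's own server. The host names, IPs, `OWN_MTAS` map and sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: the recipient's own mail servers, host -> IP (made-up values).
OWN_MTAS = {"mailstore.example.net": "192.0.2.20",
            "mx-in.example.net": "192.0.2.10"}

# Constructed sample message. The two lowest Received lines were supplied by
# the sender and cannot be checked; the From line is not consulted at all.
RAW = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Mon, 7 Feb 2011 10:00:03 +0000
Received: from relay.sender.example (unknown [203.0.113.77])
\tby mx-in.example.net with ESMTP id B2; Mon, 7 Feb 2011 10:00:01 +0000
Received: from inner.sender.example (inner.sender.example [198.51.100.5])
\tby relay.sender.example with ESMTP id C3; Mon, 7 Feb 2011 09:59:50 +0000
Received: from workstation (localhost [127.0.0.1])
\tby inner.sender.example with SMTP id D4; Mon, 7 Feb 2011 09:59:40 +0000
From: Another Member <member@forum.example>
Subject: newss

(body omitted)
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return Received hops newest-first; lines in other formats are skipped."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def handoff(raw, own=OWN_MTAS):
    """Return (boundary_hop, unverified_hops).

    boundary_hop["ip"] is the connecting address recorded by our own server.
    A line merely claiming "by <our host>" lower down is not trusted, because
    the walk ends as soon as the recorded peer IP is not one of ours.
    """
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"] not in own:
            return None, hops[i:]        # not written by us: nothing verifiable
        if hop["ip"] not in own.values():
            return hop, hops[i + 1:]     # external peer: trust ends here
    return None, []                      # every hop was internal
```
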
  7. Pronam
    Pronam
    • premium
    • 156 kudos
    I'm so glad I changed my email here a few months before the compromise, that email is my only spam free one. I have a very efficient way to make passwords for less important things but it'd kinda fail if I said it here.

    The people I mean aren't affected as in passwords from nexus, just their emails. Either they got stupid enough to fill in their password somewhere, but it's like they got brute forced as most people use easy passwords for less important email-accounts. I get spam from various users around more often, but I was just worried they were nexus users only this time and at a short period time from each other.
  8. bben46
    bben46
    • premium
    • 781 kudos
    TheNexus is not the only site that has been hacked in the last few months. The most well known was the Gawker group, which includes the gamer site Kotaku as well as other popular sites. They claim to have more members than us, but also say 'only' about 1.5 million accounts were compromised. Then the hacker posted the stolen data (NOT NEXUS data) on The best known pirate site. And everyone knows just how honest they are - moving money around through offshore banks while claiming to not be making any profit from the stolen games and other files they host.

    Based on what we have seen so far, passwords were not compromised on the Nexus hack. Only email addresses. The result is not a mass of compromised user accounts, but extra spam emails sent to our users.

    If you used the same user name and password on any other site, and that site was hacked for usernames and passwords, then they would not only get you there, but would have your info from TheNexus and any other site (bank? Credit card? facebook?) also.

    It is entirely possible that the one who believes he was attacked through his Nexus account (possible, but statistically not likely - even 20 out of 2 million is a statistical anomaly ) he could very well have been compromised through some other site where he used the same credentials, or a brute force hack. http://glossary.spam...rute-force.html

    With both user name and password, a true evil hacker would be able to sign in as you and do whatever they wanted to with your account.
    The simplest protection against this type of attack is to use a different password and even user name on each separate site. The next level of security would be to have a separate email for game sites, a separate email reserved for only financial sites (bank, credit card), a separate email for friends and family, a separate email for business use, and several throw away emails for registering on junk sites. Then when you start getting too many spam emails on a particular email, replace it with a new one and, after informing anyone you consider important that uses that email, scrap it.
  9. Pronam
    Pronam
    • premium
    • 156 kudos
    Maybe unrelated, that's why I post it here instead of a new topic >.>. But I had a few people (only) from nexus sending me similar spam today shortly from each other of which half don't have each other's address. All were just a posted link to similar sites (all spelled newss and no I get that from the url <,< I'm not going to check them.). Maybe it's a chain from msn, or it's people with easy passwords as it's just a 'mod' msn for them. If you get any as well I'd suggest contacting them via pm here and telling them to change their passwords.
  10. Thandal
    Thandal
    • Moderator
    • 183 kudos

    No one has reported any instance of an email account being hijacked (password obtained and account now experiencing unauthorized use.) The only reports are of email addresses receiving spam. Presumption is that the hacker (I hate to dignify the person with that title) forwarded the list of addresses to a spammer.


    There's at least one comment below claiming otherwise.

    Almost 2,000,000 accounts at the time of the attack, including those of a huge number of relatively sophisticated users, and only ONE report of a POSSIBLE pw compromise? I think we have a large enough statistical sample size to feel pretty confident that whatever may have been happening with the email account in question, (if it really was a compromise) this was not what caused it...