Nexus Mods gets the all-clear—but change your password anyway

Nexus fo4 page

Well this is a relief: fears that the Nexus user database had been compromised have proven false, at least partially. Nexus founder Robin 'Dark0ne' Scott has acquired the full database dump form the reporting security firm and discovered that the most recent account in the list was created in July 2013, at which point Nexus switched over to a more secure system. In other words, this is an old breach—if you've updated your password since then, your account is safe. If you haven't, do it now.

Happily, the passwords in the dump are encrypted and need cracking before being put to nefarious uses. It transpires that at least one of the accounts behind the compromised mods reported yesterday was using an overly simple, eminently crackable password. If you've installed any of the following, update or uninstall them to be safe:

  • Higher Settlement Budget (downloads from 5th December)
  • Rename Dogmeat (downloads from 4th December)
  • BetterBuild (downloads from 29th November)

In his update, Scott talks over a range of security updates that will be coming to the Nexus in future. You can't be too safe, of course, but this feels like the best outcome we could have hoped for. It's a shame Fallout 4's latest patch messes with modding support.