Suspicious .dll files Nexus Mods point to possible database hack

Spread the love

The database of Nexus Mods, a popular website with mods for games like Fallout 4 and Skyrim, may have been hacked. A security company makes that claim and an unknown .dll file has been added to three mods, but the authors of those mods say they know nothing about it.

Nexus Mods administrator Dark0ne says he’s not entirely sure if a hacker managed to break into the website’s database, which has more than 10 million users. He says he was notified by a Reddit user who showed him an email from IT security firm Ren-Isac. That reports to some universities, which are customers of the company, that the security at Nexus Mods is insufficient. The email also states that ‘the emails and a password [sic] are on the internet in the criminal circuit’.

The administrator of Nexus Mods states that the email is not very concrete, but that at the same time a suspicious .dll file has been added to some Fallout 4 mods in recent days. These are the Fallout 4 mods ‘BetterBuild’, ‘Rename Dogmeat’ and ‘Higher Settlement Budget’. The suspicious file, dsound.dll, was added to the mods on November 29, December 4, and December 5, respectively. However, the authors of the mods in question deny that they added the file. Although VirusTotaal does not report a virus with the file, the presence of a strange .dll file remains highly suspicious.

Although it is not completely certain that a hacker has a copy of the Nexus Mods database, Dark0ne is on the safe side. Users are recommended to change their passwords and make them complex enough. In addition, he warns that if there is a hacker who has the database, the leak that he managed to exploit is not yet closed. The passwords are stored salted and hashed on the Nexus Mods servers. Payment details for premium accounts are handled separately by PayPal, so they are not at risk. Dark0ne also reports that stricter requirements for passwords and two-factor authentication are coming.

Last year, a hacker managed to add a trojan to a popular mod for The Elder Scrolls V: Skyrim. That way he managed to infect multiple user accounts and mods. At the time, however, that involved an intrusion at an individual user and not the server of the website. Although the site is 14 years old, about half of the ten million users have created an account in the past three years. The release of Fallout 4 has contributed significantly to the explosive growth of the website, according to Dark0ne.

You might also like
Exit mobile version