Nexus Mods, a website through which players can download mods made by independent creators, has released a statement about a possible leak of a small amount of user data. It has been reported that they were stolen by a hitherto unknown third party, so no company employee is suspected. The site security team noticed suspicious activity on the morning of November 8, this year.
"Even though we were able to secure the endpoint as soon as we discovered the exploit, as a measure of security, we are informing all of you, as we cannot rule out that further access to other user data including email addresses, password hashes and password salts has taken place," explains the website's community manager BigBizkit.
The creators of Nexus Mods claim that so far no problems related to the possible leak have been reported, but every eventuality must be considered. As a result of this situation, all users are asked to relogging their accounts in order to migrate their profiles to the improved, more stable website and change their passwords. The new security upgrade includes more strict requirements. If you have a Nexus account, we also recommend that you enable two-step authentication.
BigBizkit did not explain why the website decided to release the message about user data leak after more than a month. He assured, however, that the company reported the infringement to the Information Commissioner's Office in the UK.