Cyber Incident Victim: Nexus Mods
Date: Dec 2015
Location: United States of America
Summary
A gaming mod platform experienced a database breach potentially exposing information of approximately six million users, though accounts created or passwords changed after a certain date remained unaffected. The compromised database did not contain stored financial data, mitigating credit card risks. Attackers additionally targeted specific game mods, replacing legitimate files with malicious versions by exploiting weak creator passwords. The incident highlighted vulnerabilities in password security affecting both user accounts and hosted content, with investigations ongoing to determine the full scope of mod-related compromises.
Description
On December 8, 2015, Nexus Mods publicly disclosed a security breach involving its user database and hosted mod content. The compromised database contained information for approximately 6 million registered users, though it had not been updated since July 22, 2013. Users who registered accounts after this cutoff date or changed their passwords within the preceding two years were unaffected by the credential exposure. The platform confirmed no financial data was compromised, as it did not store credit card information for premium subscribers. Concurrently with the database breach, attackers targeted specific mod content hosted on the platform. Several Fallout 4 mods were altered through unauthorized uploads that replaced legitimate files with malicious counterparts, though the functionality and intent of these files remained unspecified in initial reports.

The intrusion into mod content occurred through compromised creator accounts protected by weak, easily guessed passwords. Nexus Mods confirmed the attackers exploited these credentials to manipulate hosted files, though the full scope of affected mods remained undetermined during their investigation. The breach timeline indicated two distinct components: historical user data exposure from a legacy database and contemporary manipulation of active mod content. Platform administrators initiated investigations into both vectors while notifying users about potential risks to older accounts. No evidence suggested post-2013 accounts or regularly updated credentials were compromised. The incident highlighted operational security gaps in third-party content management, particularly regarding creator account protections for hosted modifications.
