The website Nexus Mods has a cyber security problem.
The popular website, which is gaming fan-site that allows users to upload custom mods for many popular PC titles, has a major exploit that has been discovered on the website.
Several pages, including the Nexus Mod login page, do not contain an TLS encryption. TLS, which stands for Transport Layer Security, is a standard security technology that establishes an encrypted link between a web browser and a website. It also prevents outside users from seeing encrypted data, including usernames and passwords for a website.
The lack of an TLS encryption on the main website means that any information transmitted between the user and their server is vulnerable to cyberattacks, in particular for any attacker to see data sent to or received from Nexus Mods.
There is a workaround to the lack of TLS encryption by using the Nexus Mod forums, which are encrypted, to login session transfers between the forums and the main site.
The website has been vulnerable to cyberattack for some months now, according to a recent reddit post.
Nexus Mods, which was first established in 2007, has a history of cyberattacks attached to it, many of which go unreported for several years. Most famously, the website was hacked in 2015, which included an incomplete data dump of user IDs, usernames, email address, and passwords.
One of the Nexus Mod admins at the time, known as Dark0ne, noted that the data breach also saw malicious files posted all across Nexus Mods, where the hacker uploaded malware on the Nexus Mod servers in place of legitimate mods. The extent of this attack, however, came to light in 2016 when over 5 million accounts were handed over to Troy Hunt, owner of the website Have I Been Pwned? which allows visitors to check if their email has been compromised from a cyberattack.
At one point, someone attempted to sell the bulk of the data on the Dark Web before the information was handed over to Hunt.
It is unknown when Nexus Mods will attempt to fix the current security concern.
What are your thoughts on all of this? Leave your comments below.