Nexus Mods, the popular mod sharing website, suffered a data breach in November 2019 but, for some reason, it took them over a month to notify the possibly affected users. Furthermore, the info was not relayed via email but rather through an obscure news section.
Nexus Mods is one of the most popular mod dissemination sites and to say the user base is large would be an understatement. Therefore, it was no wonder someone tried to acquire the credentials of almost 19 million users, or at least a portion of them, through an attack on the platform.
While that is not a surprise, the way Nexus Mods handled the breach is. According to the site's statement on the matter, a data breach happened on 8 November 2019 while the users were notified over a month later, on 19 December 2019. To make matters worse, the notification happened only on the website itself and no emails were sent out to possibly affected users.
If you are a frequent user of the website, this wouldn't be much of an issue, but those who happen to not visit it for months on end could go unnotified that their credentials may have been stolen. There was a mention that a "small number of user records" were affected, but Nexus Mods staff are not aware of whether or how many times the exploit could have been used in the past.
Anyway, Nexus Mods urged users to log out and back in so they could update their passwords and migrate to the new user experience which should be more secure.
More importantly, all users should be aware of potential phishing emails as well as credential stuffing attacks. Given the site's inability to figure out how many people could be affected, it is strongly recommended that you change your password on any other website where it could have been the same as on Nexus Mods.