The popular game modification site Nexus Mods has announced a security incident that may have exposed the registration information for its users.

Nexus Mods is a site where users can download modifications for games such as Skyrim, Fallout, Witcher, Dragon Age, and many more.

In order to download mods from the site, users must first register an account on the site, which has led to a user base of close to 19 million registered members.

In a security notice posted to their site today, Nexus Mods has disclosed that an unauthorized actor hacked their services on November 8th, 2019 through an exploit in their legacy codebase.

"In the very early morning of 8th November 2019 we noticed suspicious activity by a potentially malicious third party actor against our services. Using an exploit in our legacy codebase, our logs confirm that they accessed a small number of user records from the old user service."

When they discovered the breach, Nexus Mods states that they secured the affected endpoints and moved the release schedule for the next version of the site to quickly retire their legacy codebase.

Unfortunately, they can not rule out that the exploit was not used in the past to access other user data such as member's email addresses, password hashes, and salts.

Therefore, it is strongly suggested that all users change their passwords on the site, especially if you commonly reuse the same password at every site.

It is also suggested that you use a password manager to create unique passwords at every site you visit so that if your information is disclosed at a data breach, it cannot affect your accounts at other sites.

Nexus Mods warns that users should vigilant for potential phishing or credential stuffing attacks that utilize your registration email and password.

BleepingComputer has reached out to Nexus Mods with questions but had not heard back at this time.