Nexus Mods, Suba Games and others fall victim to data leaks.
17 January 2021 | BREACHAWARE HQ
A total of 5 breach events were found and analysed, resulting in 6,972,500 exposed accounts containing a total of 7 different types of personal data. The breaches found publicly and freely available included Nexus Mods, Suba Games, Clix Sense Team, Dave and Reward It. Sign in to view the full library of breach events, which includes, where available, reference articles relating to each breach.
Categories of Personal Data Discovered
Contact Data, Technical Data, Socio-Demographic Data.
Data Breach Analysis
Datasets, found publicly and freely available, originated from a diverse range of platforms: Nexus Mods, Suba Games, Clix Sense Team, Dave, and Reward It. Each of these platforms represents a different corner of digital life: modding communities, online gaming, paid-to-click networks, fintech services, and reward-based marketing, making the impact of this data exposure varied and multi-faceted.
Nexus Mods is a well-known and long-standing hub for video game modding communities. It hosts millions of modifications for games ranging from Skyrim to Fallout to The Witcher series. Its user base consists of mod creators, gamers, and developers who contribute content or engage with discussions around game customisation.
While game modding forums might seem low-priority compared to financial platforms, they tend to have highly active communities that often span multiple services. Many users contribute under known aliases, and the compromise of their accounts can lead to defacement of mods, reputational damage within the community, and impersonation across platforms. Furthermore, many of these users reuse login credentials, opening a door for broader credential stuffing attacks.
Suba Games is an online gaming platform that publishes a number of free-to-play MMORPGs. With a strong international presence, its titles often feature in-game purchases and social features like chat and guild systems. As with many online games, user data might be tied to avatars, virtual items, and in-game currency, assets that can hold real-world value in grey markets.
The exposure of gaming account data has two immediate effects. First, it enables attackers to compromise valuable accounts, stripping them of items or hijacking them to scam other players. Second, it puts younger users, often prevalent in such communities, at risk of harassment or manipulation, particularly if the breach included communication logs or friend networks.
Clix Sense Team refers to a platform operating in the "paid-to-click" or "earn by completing tasks" niche. Users on this site typically engage in activities such as watching ads, taking surveys, or clicking links in exchange for small rewards. Users of such platforms are often highly cost-sensitive and may not apply high security standards to their accounts.
The danger here lies not only in targeted phishing using payment-related messaging but also in exposing behavioural patterns of those who participate in these micro-task platforms. These users are frequently members of multiple similar platforms, and attackers can create composite profiles to target them with more convincing scam attempts. Additionally, if financial data or processor metadata was included, it can be used to create fake billing narratives or spoofed withdrawal alerts.
Dave is a US-based fintech application that offers banking features such as early payday access, budgeting tools, and small cash advances. A breach of this platform is the most concerning among the five, due to its direct involvement in users' financial activities. While Dave has publicly acknowledged past breaches, the public release of data is particularly dangerous, especially if it contains sensitive identifiers.
Given the nature of Dave’s services, leaked data from this breach can be used to attempt account takeovers, initiate social engineering attacks on financial institutions, or even file fraudulent claims or tax returns. Even if passwords were encrypted, other pieces of identifying information can be used to bypass verification steps on associated services.
Reward It, a lesser-known rewards platform, likely operated similarly to Clix Sense by offering compensation for user activity. Though the value of each individual account may be low, the concentration of such data in a single source gives attackers volume, a critical factor in spam campaigns or bot network development.
The presence of seven different data types in this breach set adds further complexity to the risks. The diversity allows for data enrichment, enabling attackers to build comprehensive profiles that go beyond one platform. For example, an email address used for both a gaming site and a fintech app creates a link between low-risk and high-risk digital behaviour, and once identified, can be exploited accordingly.
The most worrying element of this breach is its mix of casual platforms (modding, rewards, gaming) and financial services (Dave). This convergence illustrates how a user’s digital footprint is often fragmented across services with varying degrees of security. A modding enthusiast on Nexus Mods might not worry about their password strength, but if they used the same email and password combination to sign up for Dave, their financial data is now at risk. The same holds true for users who casually registered on Clix Sense or Reward It but also manage cryptocurrency wallets or use financial apps with linked email addresses.
Once breach data is made freely available, it enters a wide ecosystem of reuse: for credential stuffing, social engineering, phishing, identity theft, or even as datasets for training AI models in malicious hands. The sheer number of accounts involved here, while not in the hundreds of millions, still represents a significant cross-section of the online population, particularly those in economically vulnerable or niche interest groups.
In sum, these five breaches provide a layered view of how different digital identities and behaviours intersect. Each platform on its own might not suggest a severe risk, but together they offer insight into the compounding nature of modern data exposure.