Cities Skylines 2 is Official!

Question is, now that its been done once, does it inspire more people to try?

Yes you'd hope Paradox learn from it and put better checks and processes in place to stop it but equally if attempts increase and this 'proof of concept' starts the ball rolling on more complex attacks then where do we end up. Either way not the publicity they needed on a game that's already struggled in that department.
 
I don’t think my PC would have been hit, I’ve not launched the game in the period in question.

I launched the game to download the French pack last night but that was after this all kicked off.
 
  • We have worked in close cooperation with the author of the affected Mod “Traffic” to ensure their account is secure and no further tampering should occur with their work.

Trust me bro I didn't do it?

They don't even say how the file got there, just allude to it not being the creator of the mod?


The above quote leads me to believe it's undoubtedly a virus/trojan or keylogger
 
Last edited:
Trust me bro I didn't do it?

They don't even say how the file got there, just allude to it not being the creator of the mod?


The above quote leads me to believe it's undoubtedly a virus/trojan or keylogger
I think it would be fairly straightforward for Paradox to confirm that the malicious file didn’t come from the mod maker upon investigation.

They’ll have blueprinted the computer that uploaded it in the logs and a quick check would show it wasn’t the mod maker.

Their account could have been compromised in a wide number of ways, their own computer being comprised is probably the most logical explanation but it could have also been social engineering or the password was leaked in another entirely unrelated breach.
 
I think it would be fairly straightforward for Paradox to confirm that the malicious file didn’t come from the mod maker upon investigation.
sounds like they are holding back info though.

Best policy is surely just to give up all the info you have that's relevant to peoples peace of mind, or knowing whether they should wipe their comp and restore a backup.


they must have ran the mod with the dlll and watched what it tries to do
 
Last edited:
I’m not sure what else there is to say.

If your mod synced between the two dates, you have downloaded it. If you played the game, you are infected. You can check by looking in the folder that they pointed to.

They have you instructions on how to deal with it via a virus scanner.

It’s up to you if you want to format or not based on the above.
 
An update has been posted to the Paradox statement posted earlier:

Update 2024-11-01​

We are still working to determine the nature of the malicious file that was added to the “Traffic” mod. As a rule, all mods uploaded to Paradox mods have always been run through a virus scan as a general precaution. We are hard at work to secure our platform against further issues. Since our original alert, we have taken the following steps to ensure the safety of our community:

  • We have conducted a specific, thorough scan of other files on the Paradox Mods platform for this malicious file, and no other mods appear to have it.
  • We have worked in close cooperation with the author of the affected Mod “Traffic” to ensure their account is secure and no further tampering should occur with their work.
  • We have engaged a team of IT experts to analyze the malicious file and better understand any current and subsequent risks it may pose.
As of now, the precautions we suggested in our original statement are still suggested in order to protect your system. Cities: Skylines II should be perfectly safe to play, and will not put you at further risk. We will issue further updates when our security experts have finished their thorough analysis.
 
Have they sorted out the simulation side of things, I've heard stuff like traffic, employees, industry and such like are not interlinked etc.
everything seems linked you can follow people from there house to work etc, or add citizens to a tracked list.

I made a city and got upto 40k pop and didn't really have any traffic issues, the highway to the city gets a bit busy at peak times but keeps flowing

on the road tools on the last panel theres options for no left turns etc, and cross walks.
right click all the cross walks off, and the traffic lights.

pedestrian roads can still have buildings on them too without traffic issues from cars turning onto them.
 
Last edited:
Is the game worth jumping back into now? I had about 10 hours on release but with the performance and other early issues abandoned it. Have been missing CS and not sure if it is worth to play the original or give 2 some time now.
 

Quite the security issue concerning traffic mod.

Was catching up with the thread and thinking of finally getting this after playing it on release on gamepass and being very disappointed.

The fact that I won't be comfortable adding any mods means I won't be getting this anytime soon, or ever.

Why did they even decide to do their own mod distribution anyway? Presumably for profit, charge mod makers or to stop people from getting custom assets which are similar to their expansions?
 
Why did they even decide to do their own mod distribution anyway? Presumably for profit, charge mod makers or to stop people from getting custom assets which are similar to their expansions?

Think about it.

You played the game on game pass. If they stuck with say, steam workshop, do you think you’d be able to access mods on game pass?
 
Think about it.

You played the game on game pass. If they stuck with say, steam workshop, do you think you’d be able to access mods on game pass?

No but I would have bought it on Steam now that people are saying that it's in a decent place.

The fact I have an exodus wallet and probably could have lost it due to Paradox Mods, takes me from "Ah i'll give it a go!" to "Not worth the hassle, with how little game time I have these days..."
 
What makes you think steam workshop is immune from such a breach? It’s literally been breached in the exact same way before.

If you have something so sensitive on your computer, you need to think about your own security rather than blaming someone else’s.
 
Back
Top Bottom