oh shit

Yeah, and just the tip of the iceburg too.

People who say, "Nothing to worry about here, calm down, it's okay" are very uninformed as to how serious this incident is.

This is not likely to be some joyriding haXxor kiddie here. This is likely a professional operation. They now have email adresses, and encrypted CC information that is attached to both SL account informaion, and RL name, address, phone number, etc. This is VERY serious. The teen grid accounts have been compromised as well. These people have the name, age, addresses, phone numbers and email of every teen on the grid...a pedophile or fraudster's dream come true.

As a business owner in SL, someone with significant SL investment, and a parent of a teen grid user, I am appalled that this has happened and that LL waited 2 days to tell us it happened. I am even more appalled at anyone telling people..."Oh, this isn't that big a deal".

'From: "Second Life" <huvzipwy@chello.nl>'

I very often at work recieve spam emails that appear to come from my own office I work at. Heck, I had one that masqueraded as me. They were often a .nl, .cz, or .ch domain too.

Hmmm, that's not good.

Not good at all.

But any spam generated by the "Security issue" here in second life will probably be lost amidst "ZOMG Earn money without ever leaving your computer chair!!!!!!" and "Are you dissappointed with the size of your penis? WE CAN HELP!" spam I get hourly.

Still don't know why the spam Gods think I need a penis enlargment, however, if they could do something about my boobs...

In all seriousness the thing that really bugs me about this is the fact that LL waited TWO Effing DAYS to tell us. Why?

It would seem practical that if you knew there was a security breach of the database, regardless of its scope, wouldn't you at least inform your subscribers so they could take the initiative to protect themselves by informing...Oh I don't know, their CC companies, ISP, Bank....hell priest???

Isn't it better to be proactive instead of sitting on the information for TWO DAYS while they figure out how to put the best spin on it and keep the fun lovin, peaceful linden lifestyle groovy?

Maybe LL needs to cut back on the herb a little and visit a while in reality with the rest of us, this customer service and public relations nightmare could have easily been avoided of any one of them could think through the pretty haze circling around their heads.

Because honestly, sober people would have made different decisions regarding this serious issue.

*Sigh*

I may progress from mildly bitchy to full out grouchy if I get home from work and can't log in. Password change was successfull only half way through my list of every pet I've ever had ever because I couldn't remember which effing one I used. (Imaginary friends count as pets, don't they?)

Pointless vent over...staggaring stuipidity just makes me cranky.

Same here, and I don't work anywhere! But it's kinda odd to be sending myself emails.

I've even had a couple that claimed to be from SL, but... they got filtered into my spam box. That was before the hacking. But either way, the email account's password got changed too.

This sucks. If all of our info is out there it doesn't matter diddly if we can log back into SecondLife. It's my damn first life that's going to get messed up now. Having my personal data and my credit card info sent to the spammers/id thieves/russian mafia is more worrying to me than getting on the grid again. They better keep us updated throughout the weekend.

Big deal. You should see the contents of my Gmail account sometime, ever since they posted the URL in plaintext to the developer directory.

Glad I have my own server that stays below the radar to avoid this kind of stuff.

I make up a fake account to put all my spam stuff into and I never check it.

I used my real email for SL.

I'll be very pissed if I start getting 1 nc r3 a $ 3 your P3 N 1$ $1 z3!!! emails.

watch out, people are going to come wagging their fingers at you and claimg you are irresponsible and that it's your fault for using your real email!

I'm fully content with any additional ARs I incur between now and monday.

Bring it bitches.

I certainly was. And still am.

My monthly spam count is sitting at 1,540 messages at the moment. And my gmail is still listed, despite asking them politely to take it down.

That and my page on the LSL wiki are the only listings that have ever shown on Google for the address. The second one I have, of course, taken down.

Bree I totally understand your point, and Zoe made several excellent points as well.

My personal feeling is that if anyone suffers a monetary loss in their CC and/or bank accounts, any form of identity theft or as Zoe mentioned any vulnerability to predators on the teen grid that can be even loosely tied to this fiasco even a mediocre lawyer could argue successfully that LL was complicit in the crimes, not because their system was vulnerable but because they sat on the information that it had been compromised for almost 48 hours.

I think they SHOULD be held accountable for the delay in informing their subscribers that thier PERSONAL INFORMATION had been compromised.

I may be insane for typing this, but it is my gut feeling that LL has left themselves open to the largest multinational class action lawsuit the gaming industry has seen. It could have been avoided if they has spent less time trying to figure out how to cover their asses and let their customers know, so their customers could protect themselves where LL failed to.

That's my world view, I feel terrible for the people who could be and have been negatively impacted by this monumental screw up. I am angry for you and with you.

I'm am also fortunate....no one would want my first life.

Is it possible to have a negative number in your credit rating? I mean I actually feel bad for the poor sucker who tried to use my stolen identity...but the ridicule and laughter would serve the bastards right. I own nothing, my money is gone before my paychecks are cashed...I have one entertainment expense, SL and in the grand scheme I don't spend much on it.

That being said, I have informed my financial institution of the possibility of the issue....not surprisingly, I wasn't the first person my customer care associate had spoken to about the "Second Life thing."

Bleh done rambling....unless it's still raining outside...then I'll come back and ramble some more.

Wanna get to 1000 posts before Monday....only 995 to go!
***EDIT*** 994....I must have been sleep surfing again....

*wags finger*

I find that one needs 4 personal email accounts.

One "real" address for friends, family, business associates. People you actually want to hear from.....

One freebie account used exclusively for internet purchases. Any financial transactions go to this account and this account only.

One freebie account used exclusively for places where your email address will never be published, such as registrations for message boards, blogs, SL, groups/clubs, other social activities or places where you choose to remain anonymous.

One freebie account used exclusively for any time your email address will be published, such as some blog comment sections or forums. You never check mail at this account because this is where all the spam goes.

Every time you use a credit card in a store you produce a slip with all the data any scammer needs to rip you off. Every time you throw away a free credit offer or an old bank statement without shredding it you're putting your information out there for someone to steal. It's bad that hackers got into their records, but there are plenty of RL ways for thieves to get your unencrypted information that no one thinks twice about. Let's not blow this completely out of proportion.

I don't think this is so much about the vulnerability of the information as it is about the critical delay in letting subscribers know that their information had been compromised. It should not have happened at all, but it did and does all the time, the fact that we were not told until almost 48 hours after the fact is inexcuseable.

If I lose a reciept and a theif gets their hands on it, it's my fault for not keeping better track of the reciept. I probably wasn't aware I had lost the reciept. In this case, I entrusted another entity with the security of my critical information, and they failed, instead of informing me that there was a problem, they waited for what ever reason while my bank account, my credit cards and my identy were drained, maxed or stolen. THEN they told me there was a problem...who's responsibility does it become then? (Hypothetically speaking of course, this has NOT happened to me.)

This should be blown up as big as it can get, because LL has failed its customers. PERIOD. We had the right to be informed the moment they discovered the problem. PERIOD. There is no room for arguement here, no rationalization of motive that will hold water. OUR INFORMATION was COMPROMISED to a thrid party who's intent to use that information was no so they could send us all Christmas cookies.

This issue is huge, and the more I think about it, the more it bothers me. LL broke trust with its customers by waiting two days to tell us someone had hacked the database that contained our personal information.

They should be taken to task on this, and hopefully they will learn from this disaster.

I don't think I'll hold my breath on that last part.

I seem to remember a post of Robin getting an email from Secondlife.com that was a phishing. This was a while ago, so I'm not sure I'm remembering correctly and it is too late at night for me to go hunting anything but my bed.

A pedophile likes to sleep with children under the age of TWELVE! Specifically, a pedophile prefers PREPUBESCENT children.

Anyone who has seen a naked teen {I never have - even as a teenager - outside myself} knows most of them do not fall in this category.

Pedophiles do not sleep with pubescent {teen} children.

Please use the correct words when you try to scare people. Otherwise, you just look dumb.

Thats kinda what i do. I use MSN for the real spam since it has terrible filtering and wants you to pay to make it better... i use yahoo for average stuff like forums, registrations and such. Once i see a game company or forum has not spammed me in a week they get moved to my gmail. Yet my gmail still finds a way to gather a little bit of spam. :/

I own my own email server, which has kinda spoiled me, because I tend to just make up new accounts at random when the need arises. For sites I don't trust with my real info, I make up something and it goes to my catch-all account. Once a particular account gets a heavy flow coming in, I black-hole it and go on with life

I would do this but i live in florida (the storm state) where i have blackouts and brownouts on a daily basis. So this prevents me from running a web server and KEEPING it running hehe. Otherwise id have it all ready to go. :/