change your email and paypal passwords too

I received this notice from the Dreamland group. Its something I didn't even think of.

"Group Notice From: Anshe Chung

Today Linden Lab invalidated all our SL passwords because someone hacked the accounts database. However, this may not be enough to protect you if you use the same password elsewhere. The hacker will also know your email address. Please make sure to change your email account password, PayPal login password or any other password ASAP if the password is the same as what you used in SL!"

you don't have to change your paypal considering all of that information is stored on the database that wasn't hacked. All things that were compromised is information that you put in before your billing account such as your address, real name, avatar name, password, email, phone number.

If you don't have a good password for your email, you should think about that.

You can log into Paypal using your email address, so if they got your email from Sl and its the one you use for Paypal then that password (paypal) should be changed also.

I suppose so especially if you use only one password for everything.

For many people the email address that LL has IS thier paypal account name!

IF they use the same password in SL as PayPal (I'm betting a lot of people use a common password for a lot of logins) the advice they give is very good too take:

If you use the password that was stolen from the SL database, it is in your best interest to change that passwrod in any other place you may have used it.

This is a precaution as the passwords were apparently encypted to some degree, but a good precaustion to take.

lol read my text above you. I agree it is a good measure because it hit me that many people do use the same passwords for everything.

Bumped for making so much sense.

A lot of people do use the same password here and there, and that simple slip can cost dearly.

I have a friend who lost access to a number of online game worlds because he used the same password everywhere, and had an Xfire reference in a forum signature that told the hacker every game he played.

Just changed my SLX password too. Trying to figure out how to change SLB, but can't find a way to do it. Anybody know how? I did send them an email regarding how to change passwords.

Log out and use the forgot password link

D'oh! *slaps self on forehead*

Didn't the anouncement say only the ecrypted passwords were stolen? If so, they are worthless.

They are worthless assuming that the hacker(s) will NEVER decryt them. Thats an assumption I would rather not make.

One scenario:
Say in three years available computing makes it so that the passwords can be decrypted much faster. Say in those three years that you have not changed your paypal password.
Hacker now has your email address and your password, which is the same one you used for paypal....

Another scenario:
LL has not encrypted the passwords very well. Hax0r is managing to decrypt the passwords as we speak, you figure out the rest.

I was writing my reply as you posted that. And it ws not just a response directed at you, but others who may originally thought the same thing.

hopefully they followed standard practice and used one-way encryption of passwords (hashing). if they did, it is impossible to actually decrypt the password. the only way to find the actual password is to try using the same one-way encryption on different passwords over and over until you find a match (dictionary attack).

now, if they didn't even do that..........

Two words...sticky notes...I've got 'em all with all my diff passwords and login IDs written on them...NO two things I use have the same or even similar passwords and ALL are at least eight characters long and are miscellaneous characters, no birthdays, pet names or any crap like that. Make all your passwords different and random, makes it MUCH more difficult for someone to hack as well as not having to go change all your passwords when something like this happens!

I changed all the passwords i could today. All of them are painted into my desktop wallpaper.