Digg it!
|
Aaron Levy
Medicated Lately?
Join date: 3 Jun 2004
Posts: 2,147
|
09-08-2006 15:43
|
Luciftias Neurocam
Ecosystem Design
Join date: 13 Oct 2005
Posts: 742
|
09-08-2006 15:45
|
Aaron Levy
Medicated Lately?
Join date: 3 Jun 2004
Posts: 2,147
|
09-08-2006 15:47
'Cause it's news, and people should know when a company has a horrid security lapse that compromises the safety of its customers.
|
Uma Bauhaus
Renascene
Join date: 18 Aug 2004
Posts: 636
|
09-08-2006 15:48
Excellent! Thank you for doing this. Make sure Aimee is aware of this too. I imagine she'll be doing a blog entry soon and might provide a link. dugg.
_____________________
The prophecy is true! At the end of the forums, Prok shall be born again and take the believers up to a holy forum while the sinners are forced to post comments in Linden blogs!
|
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-08-2006 15:49
"Hackers gain private information on all 642,720+ Second Life users"
Is this confirmed now, then? The official word is that "some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information."
Yes, this is news - but not Fox.
_____________________
A man without religion is like a fish without a bicycle.
|
Kamen Zeluco
Registered User
Join date: 12 Feb 2006
Posts: 6
|
09-08-2006 15:51
I really hope more news sites pick this up - MSNBC, CNN, BBC et al. so people can actually see what a piss poor company LL is from the point of view of customer service.
What the fuck have they been doing for 2 days - just blows me away. I'm literally sitting here shaking my head from the way they have dealt with this. Reset all the accounts and then fuck off home for the weekend - fantastic!!
I really feel sorry for the support staff on Monday - they are going to get absolutely mauled by people when they call them.
|
Uma Bauhaus
Renascene
Join date: 18 Aug 2004
Posts: 636
|
09-08-2006 16:39
Boing.
_____________________
The prophecy is true! At the end of the forums, Prok shall be born again and take the believers up to a holy forum while the sinners are forced to post comments in Linden blogs!
|
Alex Fitzsimmons
Resu Deretsiger
Join date: 28 Dec 2004
Posts: 1,605
|
09-08-2006 16:48
Dugg.
_____________________
"Whatever the astronomers finally decide, I think Xena should be considered the enemy planet." - io Kukalcan
|
Aindreas McGee
Registered User
Join date: 11 Jun 2006
Posts: 29
|
09-08-2006 17:25
I mentioned in another thread how CSR's (customer service representatives) were actually the most feared enemy in The Matrix Online, not Agents, shortly after the Sony takeover. So LL is not the worst for customer service.
What were they doing for the past 2 days? I'd say they probably locked down the offending entryway, then patched it, did a decent amount of testing on it, and then announced to us (and the hackers) when they reset the passwords.
Maybe that should be a thread? What would cause you to leave? Maybe something like: "Darn, we thought we fixed that bug that randomly repossessed land to Governor Linden without compensation"
I'm very far from happy and the news should get out though; I totally agree with that. But I'd also hate to see SL wink out. I think the Lindens can get back on the ball, and I hope they do.
|
Aaron Levy
Medicated Lately?
Join date: 3 Jun 2004
Posts: 2,147
|
09-08-2006 17:43
I don't see how two days of investigation and THEN telling everyone their passwords, and possibly their credit card and personal billing information may have been disclosed is good business practice.
Companies are expected to act on security breaches immediately. What damage was done while they were "investigating?" The hackers obviously acted covertly, so why would they do something stupid to reveal their tracks? They could have logged into well-known accounts when they were offline and stolen code or sent full-perm copies of objects to a wide variety of alts. The things people could do with just our password are mind-boggling.
It highlights the stupidity of the current login system though. Your user name IS ALSO your login name? Who the hell thought that up? I like WoW, where you have a login name known only to you, and all of your accounts are stored under that login name.
|
paulie Femto
Into the dark
Join date: 13 Sep 2003
Posts: 1,098
|
dugg
09-08-2006 17:46
_____________________
REUTERS on SL: "Thirty-five thousand people wearing their psyches on the outside and all the attendant unfettered freakishness that brings."
|
Aindreas McGee
Registered User
Join date: 11 Jun 2006
Posts: 29
|
You're right, probably could have been done better
09-08-2006 17:54
Hmm, yea, you're swaying me to your side more, Aaron. 2 days is pretty slow. The more responsible action would have been to put a lockdown on everything until it was fixed rather than leave it open 2 days like that. Maybe would have caused more backlash, even though it is a safer course of action.
But they certainly couldn't have just reset the passwords then if the hole still existed. They would have alerted both the original and unaware hackers to the potential exploit.
I also agree that those two username systems are a good idea, where you have a secret username that only you know, and then a public name that everyone else sees in game or when you post to the forums. It makes it that much harder for hackers.
|
Worthstream Rote
Registered User
Join date: 4 Jun 2006
Posts: 10
|
09-08-2006 18:05
Made an account just to digg this story! And it is a fast registration, too... 20 secs and you'll be making LL feel the bad pr!
By the way: this story just made the home page!
|
Raudf Fox
(ra-ow-th)
Join date: 25 Feb 2005
Posts: 5,119
|
09-08-2006 18:07
During the two days they were investigating, they could have said, "We're sorry, but we believe your personal information might have been exposed via an exploit. At this time, we request that all players change their passwords, until we find out more. If necessary, we may have to invalidate all passwords to protect your information. Please be ready with the answer to your security question, if this does occur."
They could have avoided the drama and disruption by simply doing this and looked a lot better in everyone's eyes.
Also, I'm pretty sure they're dreading Monday... oh, yes.... that's going to bite them hard. They felt it was important enough to invalidate the passwords, but not important enough to supply the support needed for those who would have problems? *snort* I guess they're learning the hard way, huh?
_____________________
DiamonX Studios, the place of the Victorian Times series of gowns and dresses - Located at http://slurl.com/secondlife/Fushida/224/176
Want more attachment points for your avatar's wearing pleasure? Then please vote for
https://jira.secondlife.com/browse/VWR-1065?
|
paulie Femto
Into the dark
Join date: 13 Sep 2003
Posts: 1,098
|
submitted it to BOINGBOING
09-08-2006 18:11
_____________________
REUTERS on SL: "Thirty-five thousand people wearing their psyches on the outside and all the attendant unfettered freakishness that brings."
|
paulie Femto
Into the dark
Join date: 13 Sep 2003
Posts: 1,098
|
submitted to SLASHDOT
09-08-2006 18:24
...
_____________________
REUTERS on SL: "Thirty-five thousand people wearing their psyches on the outside and all the attendant unfettered freakishness that brings."
|
Jeffrey Gomez
Cubed™
Join date: 11 Jun 2004
Posts: 3,522
|
09-08-2006 18:27
Boinged. 
_____________________
---
|
Aaron Levy
Medicated Lately?
Join date: 3 Jun 2004
Posts: 2,147
|
09-08-2006 19:35
We made the Digg front page! 
|
Uma Bauhaus
Renascene
Join date: 18 Aug 2004
Posts: 636
|
09-08-2006 20:02
I was just going to post this! It made the front page. Not just the Security front page but the Technology front page which is the front page. Excellent job Aaron. 
_____________________
The prophecy is true! At the end of the forums, Prok shall be born again and take the believers up to a holy forum while the sinners are forced to post comments in Linden blogs!
|
Ryan00 Odets
just a stupid redneck!
Join date: 17 Dec 2005
Posts: 289
|
09-08-2006 21:25
Dugg...and Aaron edit in the email from LL admitting the breach so it's more believable.
_____________________
~~~~~~~ryan00~~~~~~~~~~~~~ http://forums.secondcitizen.com/
|
Alex Fitzsimmons
Resu Deretsiger
Join date: 28 Dec 2004
Posts: 1,605
|
09-09-2006 11:19
834 Diggs and counting, and it just went up yesterday. Gee. I know this is going to sound crazy, but bear with me here: I'm going to go out on a limb and say ... are you ready? I'm going to go out on a limb and say that despite all of the babbling about, "Oh this is nothing! You people are overreacting! It's all your fault anyway! Shut up and love it!" ... that despite all of that, it might be possible, just maybe, just possibly, that a few people felt there was something to be concerned about after all. Just sayin'.
_____________________
"Whatever the astronomers finally decide, I think Xena should be considered the enemy planet." - io Kukalcan
|