DO NOT use SL to buy anything using your bank account, mine got cleared out

Wasn't a new customer service center opened in UK last year?

Nice guess, but wrong. They could definitely hack just him. For example, his computer had a keylogger sending his password to a hacker who then logged in as him, bought lindens, and then transferred them.

Check your transactions and see whether these funds went into your SL account and to whom they were transferred.

He's doing both, and also making accusations on insufficient evidence.

SL/LL is out to get poor Chaos...you know it's true! Admit it!

My very strong advice to everyone out there is never, ever use your ATM or any other card linked to your bank account on the internet. If you can't qualify for a separate credit card, eat the fees and buy a prepaid card. Or, open a separate bank account for internet use.

It's worth the hassle for peace of mind.

Rather than look at some vast conspiracy theory that involves the Lindens wanting to take your money, or their system being hacked by someone, let's look at what are the more reasonable explanations first. In other words, if an acorn hits you in the head, maybe the tree dropped the acorn because acorns fall. The sky is not falling and that squirrel is not out to get you.

Almost certainly, Chaos, someone got your password. Either that or the SL payment system was hacked or Phillip wanted spending money. Those are not likely, although it apparently serves some people in some way to believe this. Everyone loves a villain.

The question is, how did whoever did this get your password? There are several ways that internet fraudsters get information like this. One is by phishing or spoof emails. If you've responded to one of these and given out your information, the thief will use it to clean you out.

Do you use a completely separate password for Second Life, or is this the same password you use on multiple accounts? And do you use this unhackable password on some forum that has virtually no real security?

The other likely possibility is spyware or malware of some sort....a keylogger.

There are other possibilities, for sure, but these are more prevalent. I know because I take calls like this all the time. It's easy to point the finger, but usually the user is responsible for the door being "left unlocked" so that someone may enter. If I leave my garage door unlocked, it's not Schlage's fault that someone entered my house. And, I hate to say it, but if SL's system was hacked....we'd be reading about it on the news and there would be a whole lot of us complaining about our banks being cleaned out. The fact that it happened to one person, or even two, or twenty....well....you jump to the logical conclusion there. Remember there are millions of users here.

I know....it's a curse of mine..actually thinking logically.

Holy CRAP!!! The sky is falling!! Oh...sorry....it was hail....




PS - Use a completely different password for any financial type account and change it regularly.....three to four months. This will never happen to you.

I am fully aware of how keyloggers work.

I am not going to ass-ume that it is simply a key-logger targeting Chaos. Looking at SL's issues I can also surmise how terrific LL's own brilliant security is. Nor am I going to assume Chaos is lying, exaggerating or just blundering.

Well I only joined this forum yesterday...but he does seem to over exaggerate things.
For example he said the UK is "waaaay behind the US". I'm in the UK and I've been to the US and Canada several times...they have drive up banks but the other stuff is pretty similar. We aren't in the stone age we just aren't quite as vocal about things as the US.

From what others have posted I've formed my own opinion but I'll be taking any future alarmist posts with a good old pinch of salt.

Welcoem to the Forums Arabella btw.....and yes, it helps

Problem is that she & Chaos have already decided what happened.. No amount of logic or sensable thinking is gonna change that.

then explain why, so far, its only chaos' account that was wiped? how come there are no other complaints regarding similar issues? if all you wish to do is just be a doomsayer then you fail. anyone with a logical brain cell can see it's not LL's fault. if you feel that its so poorly run, why bother to log in?

I heard you guys still travel around by horse and buggy. You'll never fit one of those through the drive through at the bank. Just kidding, and welcome to the forums. You have surmised correctly about Chaos. He is one of the most paranoid posters I've ever seen. Everyone is out to get him in one way or another and it always seems like the end of the world. If his bank account got cleaned out, then he has my sympathies - that truly sucks. Blaming LL is beyond ridiculous, though.



Speaking of silly. Rebecca, do you just sit around and wait for garbage like this so you can blather on about how LL should be responsible for holding our hands and making everything alright or how they are the ultimate evil force in the universe? Come off of it. If SL had been hacked, they wouldn't have targeted Chaos' account to empty out. He isn't exactly Bill Gates. All holy screaming hell would have broken loose. You hear hooves and assume it's a herd of zebras. There are any number of logical ways this could have happened that make way more sense than some sort of international mysterious cabal of hackers intent on persecuting Chaos by hacking into LL's systems and stealing his money. Don't you think they would have gone for LL's money? LL HAS to have more in its bank accounts than Chaos. How about emptying everyone's bank account? Mine looks fine as of this morning. It's damn near empty, but that's because I spent all my money on candy and toys, not because LL stole it.

As an aside, stop blaming this on LL. It's childish. We're adults here. Your security on the internet is YOUR responsibility. if LL publishes a list of credit card numbers or something, or truly does let itself get hacked because it fails to follow normal and reasonable precautions, then I'm right with you, but otherwise, it's up to you to have an adequate firewall, virus protection software, anti-spy/malware software, etc. And it's up to you to make sure you bank in a way that is safe - either by making sure you have a protected credit card (check with your bank) or you use Visa gift cards with limited balances or whatever makes you feel safe. You can't rely on LL or anyone else to do that for you, and frankly, as an adult, I would be offended if they tried.

It could be a simple billing error, and if so it should be easily rectified. We don't know how much was in the account to begin with. If it wasn't much then just billing the incorrect tier or billing twice (which has happened) would be enough to cause the account to become overdrawn. I'd say that's probably a more likely scenario then a hack. LL has always been swift to take care of billing errors or suspected fraud. A pain in the arse to be sure, but no reason for panic.

According to the Intego article you quoted above, this attack only works if the user downloads the trojan and installs it using the system administrator's user-id and password. An ordinary login account user can't do that.

Yes, if you download and install (bogus) replacement components for the system using the privileged administrator account, there's not much that can be done about it...

I note that the Intego site is (a) running Microsoft Windows and (b) says that the way to solve this problem is to buy the Intego software.

LOL

I am not ass-uming anything, but I am not going to wait to see....in the meantime I deleted my payment info.

Anyone with a logical brain cell is going to trusts LL's security, considering how wonderful it all is?

short and to the point. if you cannot grasp the above concept, the sell your computer or stay off the interwebs.

For me, I don't necessarily trust Linden Labs.

However, when it comes to either (a) Linden Labs making unauthorized charges to my card, or (b) a security breach that makes my credit card available to someone else, I am able and willing to sue them, and their TOS will be of no help to them in those cases.

They aren't a potentially fly-by-night website. I have sufficient information on them to know they have an established, physical office, and assets that can be touched.

So though I don't especially have a great deal of trust for Linden Labs, I have a remedy if they screw me via my credit card.

Plus, I don't think they are lazy when when it comes to credit card security. I don't know of any history of problems they have had in that area, at least since I've played Second Life. They are also a company that fears the lawsuit. They know that screwing around with customers' credit cards is one of the things over which they could get into deep legal trouble. The things that Linden Labs screws us on are the things that they think have a low probability of resulting in a lawsuit.

That doesn't mean it's not possible that their security would be breached despite their best efforts. But I'm fairly sure they at least put in their best efforts, and reduced the risk of breach.

That's why it would be shocking to me to hear that Linden Labs would make an unauthorized transaction on someone's financial account, at least intentionally. It would be shocking to me if they would not act quickly to remedy an accidental unauthorized charge. And it would be shocking to me if they did not take a potential breach in their security very seriously.

Now, if you don't trust Linden Labs with your financial information, then don't give it to them. Refusing to give your financial information to places that you do not trust is the best thing you can do to protect yourself.

However, distrusting Linden Labs, and accusing them of actual fraud or theft or negligence, are different things.

Linden Labs may be poorly managed, but I don't think its crazy.

That's how all trojans work on any platform. My point was that believing that owning a Mac makes you safe just because it's a Mac is foolish, and Mac users have been so brainwashed by that philosophy that they will be particularly vulnerable when fraudsters start to set their sights on the Mac platform (which they most certainly will do as it gains market share). A false sense of security makes for easy targets.

Maybe I just don't have the mindset, but if someone were to get access to the actual credit card data the last thing I'd imagine them using it for is to buy L$ rather than use at some online store across the world to order something.

If Chaos' charges are due to L$ buys, it's far more likely that someone had his password than anything else (in which case he needs to worry about any debit permissions that were extended to scripts).

(Edited to add that I was just thinking out loud about the password "hack" vs payment info "hack", not really responding to anything you mentioned in your post )

Me Mac user...me brainwashed...me also eat brains...Aahh...brains....

And if your money has been stolen, that's a very serious issue, no matter how much it is. You need to recover it.

However, you won't recover it by narrowly focusing on Linden Labs as the villain. It's possible that in the end, it could be their fault. But it's possible that they aren't at fault, and if you don't consider all possibilities, you have a high chance of not recovering your money.

Even if you are sure that Linden Labs is evil and hates you, you are always better off dealing with them politely and giving them the benefit of the dout, rather than being hateful to them.

If they actually hate you, then your politeness to them will not change the outcome one way or another.

It may turn out that they don't actually hate you. In that case, your politeness to them helps your cause, because it makes them want to help you more.

It may turn out that Linden Labs hates you as an entity, but when you talk to a customer service rep, you get the new support person who hasn't read the memo yet that it's the Linden Labs company policy to hate you. If you are polite to that representative, then that rep. might mistaken help you in violation of the official Linden Labs corporate policy.

So there are three scenarios. In two of them, being nice and polite to Linden Labs helps you. In all three scenarios, there is no downside to being polite. So your best play is to get all the venting done with a friend in private, then go and deal with Linden Labs with your best politeness and patience.

Further, I can appreciate the fact that having a low income makes some things difficult for you to do. I can apprciate that because for quite a few years my job was working with low-income people, when they had problems. Some of them were defeatists who could use their income situation to justify why they could never do anything to help themselves. Some of them were surprisingly resourceful, and when determined to help themselves, found ways of helping themselves despite their income options.

Point is, if you're determined to be helpless, you will be helpless. If you're determined to help yourself, you may surprise yourself with the ingenious ideas you develop to help yourself. A lot of the people in this forum are trying to offer helpful suggestions. Not every suggestion is feasible. But you don't help yourself by thinking of ways to shoot down every idea someone gives you. Think about ways to make things work for you.

If Linden Labs does screw you, indeed, share that story with the rest of the world. But we haven't yet determined that Linden Labs screwed you. In fact, I'm still fuzzy on the details of what happened, which makes me wonder if there isn't an important detail being left out. (Such as, the unauthorized transaction is related to your attempt to buy Lindens, and incorrectly inputing the wrong number.)

If there is some component to the story like that, you don't do yourself any favors by leaving it out. People, and even companies like Linden Labs, can be surprisingly willing to help you out if you've made an honest mistake. (And you haven't made too many honest mistakes with them, and if you are polite to them.)

if LL has been breached, this would not be the first time.

Remember back to September 2006, they changed everyone's password but did not do a blog post until 2 days after it was discovered they had been breached.

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

Chaos, I contacted you in-world. Best of luck with your bank.

A lot of hacks are made by smart, bored 17 year-old kids, aren't they? It's possible that some smart, bored 17-year-old kid who uses Second Life to see the naked bodies on sex poseballs would devise a complex hack to steal credit cards and then use them to purchase Lindens so he can buy nice skins and poseballs.

But the key word you use here is what is "likely." If one is inclined to blame Linden Labs for the world's ills, one might want to focus on the improbable. but indeed, possible, scenario of Linden Labs fault, rather than investigate the more "likely" causes that may have nothing to do with Linden Labs fault.

Unfortuantely for the original poster, I suspect, the opportunity to vent about Linden Labs is worth about 450 pounds in currency to him. He's giving up 450 pounds, by not investigating all reasons for his loss of money and how he can recover it, so he can vent about how Linden Labs screwed him and there's nothing he can do about it.

I'm no apologist for Linden Labs, and there are lots of things for which Linden Labs deserves legitimate criticism. But I'm not going to give up money to rant about them. I already give up too much time doing that. Besides, this is a distraction from the problems in Second Life that Linden Labs can and should be fixing.

A lot of their support folks are or used to be done via VoIP, meaning you called the CA 800/877 number, and you got routed via VoIP to one of the Liaison Lindens. When I have called, they have told me they are all over the country and in the UK.