Security Issues with Verified/Not Verified Account Information?

With the new changes in the profile description, I ask this question - is it a security risk? By adding this information into the profile, it's letting people know, to the "public", that SL has account information.

As much as I trust LL's securities, I'm afraid that there are going to be attacks on those who have their account information "verified" and wondered if there is another method for making such information be known but not be known?

As long as I've been on SL, you've had a very good indicator if someone had listed payment information on file with LL just by looking at who owns a parcel of land. Land ownership inbdicates a premium account and therefor payment info on file.

So far as I know, these users haven't been targeted in the past, why would they be now?

This question has been asked and discussed in depth in several other threads. Can we not go through that yet another time?

The short answer is: No.

For all the drama and debate, read the threads.

Wendel

You know, up until this change nobody on earth had any idea that Anshe's payment information was kept by the Lindens.

Right?

Not at all. All you have to do is look at at the ground and target that account since owning land means you are paying cash to LL's.

As far as security goes, your password, how unique it is, and how often you change it, has a direct effect on your security.

This is what I always tell my cilents. (except the returning the computer part...)

Password:

1. Your password should be between 8-10 characters and contain a combination of mixed case letter, number, and special characters.
   
2. It should be be a dictionary word
   
3. It should not be your username or your username1
   
4. If you are using your username as your password and think that it is secure and not a big deal, please pack up your computer and send it back to the manufacturer; we will all be better off.
   

Unique:

1. You should not use the same password more than once time per account. e.g. Don't use the same password for every website forum, your bank account, all your games. If somebody figured out your username and password here, they can then go hack your other game accounts.
   

Age:

1. You should be changing your password *at least* every 3 months. If you are pushing a ton of cash through your account, once per month would be better.
   

Go visit this website:
http://www.winguides.com/security/password.php

Select the options you want, have it generate 10 or so password, and then pick the one you like. That is your best bet to generate a decent password that won't get easily broken.

No.

Before LL eliminated any ID verification requirement, EVERY account on SL had provided at least some sort of credit info, with the exception of the cell phone verified users, who still gave enough info to bill their cell phone account.

Post 6/6/06, some accounts are now identified as "not a target", as they are clearly tagged as having no payment info on file. For everyone else, we're at absolutely no more risk than before.

Actuially, the accounts that are erified are at greater risk.The greater risk is directly proportional to the number of unverified accounts present.

Before, if there were 9 basic and 1 premium accounts present in an area, a hacker had no idea who to go for. Now, if there is 1 verified and 9 non-verified accounts, it's kind of obvious.

Warda, an attack in-world isn't going to gain a hacker anything. What's he going to do? Mug me and take my virtual wallet?

The actual sensitive financial information isn't in the client side, and isn't in the avatars. It's in the central databases at Linden labs. A hacker going after that doesn't care about individuals. He's trying to hack the security of the database itself, to compromize the whole system.

Attacking a single user's account, such as trying to compromize their login password, will not expose their credit card data. If I wanted to identify a single user who potentially has a lot worth stealing, I'd just look around for people who own scads of land or big buildings. Big business owners, land barons, sim owners. Those signs of success label someone far more as a target than "Payment information on file and used" ever could.