Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

We Have Been Hacked

John Horner
Registered User
Join date: 27 Jun 2006
Posts: 626
09-09-2006 06:51
Q: Was my account information compromised?

A: We discovered that a database was accessed by the intruder, and we are able to determine the aggregate size of the data that was downloaded through the intrusion. The database accessed includes customer account information, including Second Life account names, real-life name and contact information in unencrypted form. Account passwords and payment information (consisting of credit card numbers and Paypal transaction IDs) are stored in this same database in encrypted form. However, there is no way to identify which data were accessed at the level of individual users, only the aggregate size of the downloads returned from the intruding database queries. We are conducting further investigation to try to determine the class of data exposed.

(from Linden Thread)
---------------------

In short we have been hacked.

Clever little gits who have done this, you have got to hand it to them, even though I have spent this morning taking certain steps...
If Linden catch them it may even be better to employ them rather than try to put them in prison, always pays to have genius on your own side......even though they may well deserve it......


So apart from being reasonable certain we can all find out about one another’s real life(names addresses and telephone numbers) if this information leaks into the public domain, do I need to cancel all my credit cards, and could anybodies pay pal account be compromised
Greene Hornet
Citizen Resident
Join date: 9 May 2005
Posts: 103
What idiots...
09-09-2006 09:05
What a bunch of idiots - "zero-day" simply describes the fact that it happened the same day that they noticed it.

Our most critical RL personal and financial data are sitting on a single, unprotected database server - just brilliant! Who came up with that idea? Which technical genius decided to implement billing that way? Maybe a federated system of database servers could have been used instead?

I could care less about what anyone "steals" in game, or knows about my in-world activities - including my real name. But this is just the worst possible lapse by a technical team that needs some serious outside muscle to bring it up to snuff. We're not playing around in the garage anymore when this kind of stuff happens - time to get a new team top to bottom.
_____________________
I'm unemployed and my girlfriend wants me to get a job. She thinks I'm addicted to the internet and this game.
Greene Hornet