Welcome to the Second Life Forums Archive


No email about security breach

Demophon Randall
Registered User
Join date: 27 May 2006
Posts: 3
09-10-2006 14:56
I have what I think are 2 valid questions in regard to the bulletin and forum post of this incident and would like an answer from Linden Labs.

I have not logged in to SL for a while because of personal reasons, but plan on getting back online sometime soon.
I only found out about this problem because a friend who has an SL account phoned me to let me know what had happened.

Another friend of mine has had an SL account for over a year but has not logged in for over 6 months (he still pays, so it is still a valid account). Until I phoned him, he did not know anything about this. How would he have found out about this? Maybe through credit card fraud, or maybe worse, through identity theft... for the second time.

Knowing that some people will have used the same password for SL as their email password, what is to stop the hacker from logging in to someone's SL account (once he/she has managed to decrypt all the password information), requesting the password change, logging in to that person's email account, resetting the SL password, deleting the password reset email and then changing the email address on the SL account to something else? Who knows what the hacker would then do.

Also, having someone's email password (which happens to be the same as their SL password), what else could the hacker do... access their PayPal account maybe?

So my questions are...
Why was a simple email not sent out to everyone that is on record from LL informing them what had happened?
Has PayPal been notified about this, to help prevent credit card fraud should the hacker decrypt the password details and try to use someone's PayPal account?

Pathfinder Linden
Administrator
Join date: 15 Mar 2005
Posts: 507
09-10-2006 16:58
Hi,

An email was sent out to every Second Life Resident on September 8th, right after we made the password change and posted information about the security issue on our blog. The subject of the email was "Important Second Life Security Bulletin and FAQ." It's possible that a spam filter might have mistakenly filtered it out of your main inbox. Please check your bulk mail/spam folder, and try searching for the subject "Important Second Life Security Bulletin and FAQ."

It's best to use different passwords for different systems, since that gives you the maximum safety in case one of your passwords is compromised. If anyone used their old Second Life password as a password for any other system (such as PayPal), it would be prudent to change it on those other systems as soon as possible.