I have what I think is 2 valid questions in regards to the bulletin and forum post of this incident and would like an answer from Linden Labs
I have not logged in to SL for a while because of personal reasons, but plan on getting back online sometime soon.
I only found out about this problem because a friend who has an SL account phoned me to let know me what had happened.
Another friend on mine has had an SL account for over a year but has not logged in for over 6 months (he still pays, so it is still a valid account). Until I phoned him, he did not know anything about this. How would he have found out about this, maybe through credit card fraud, or maybe worse, through identify theft... for the second time
Knowing that some people will have used the same password for SL as their email password, what is to stop the hacker from logging in to someone's SL account (once he/she as managed to decrypt all the password information), request the password change, log in to that person's email account, reset the SL password, delete the password reset email and then change the email address on the SL account to something else. Who knows what the hacker would then do.
Also having someone's email password (which happens to be the same as their SL password) what else could the hacker do.... access their paypal account maybe?
So my questions are...
Why was a simply email not sent out to every one that is on record from LL informing them what had happened?
Has paypal been notified about this, to help prevent credit card fraud should the hacker decrypt the password details and try to using someones paypal account?