Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE


Michael Psaltery
Registered User
Join date: 6 Jun 2004
Posts: 57
09-10-2006 21:11
WOW. If I thought LLs customer service couldn't get any worse, I was wrong.
I posted the following yesterday morning, under 'Goodbye' and I see now that
it was COMPLETELY removed from the system with no notice to me. Just doesn't
show up. Very mature way to handle legitimate customer complaints about a SEVERE security breach. I'm going to have to add that to my list of complaints. I've been an occasional whiny customer, but I feel I've never gone overboard with complaints. I certainly don't think the following was unjustified. I have modified it to add a further complaint about the removal of the post.

Lindens, the reason these forums are important to customers is that they are a convenient way of communicating WITH YOU, as well as organizing and viewing the histories of these communications. It is exactly THE OPPOSITE of this new blog posting thing. But that's not really what I'm talking about here. The important fact I'd like you to note is that while I took a lot of time and consideration to iterate EXACTLY why I wish to do no further business with LL, and while you guys have been SO VERY BUSY dealing with this problem, you somehow managed to find the time NOT to respond to my post but to simply delete it as if it never existed. Good to know the Ministry of Truth is on the job. Note that I do NOT wish to cancel my account until I can verify that upon cancelation, ALL my personal data and credit card information WILL BE DELETED, since one must have an account in order to communicate with you guys.

Here is my original post:

That's it. I've been hanging on, hoping things would eventually be more like they were when I joined, but LL has finally forced me to leave for good. I will be cashing out my Lindens and cancelling any further rebilling immediately.

Aside from technical glitches, policy changes, and failure to respond in a satisfactory manner to customer service problems that have occurred since last October 2005, the ultimate failure boils down to the following:

1) LL allowed a MASSIVE breach of customer data that affects its entire customer base.

2) LL failed to alert users IMMEDIATELY of the breach, opting instead to wait two days while they investigated the cause.

3) LL has failed to explain WHAT third-party software was utilized which contained the zero-day exploit which allowed the attack, and has failed to explain why that software was used.

4) LL has played CYA with customers, encouraging them to decide for themselves if credit card information should be changed. With only a glossy explanation that seems to imply the data was securely encrypted and an admonishment that no encryption is *completely* secure. LL has failed to explain HOW secure is their encryption, how much processing power could be expected to be required to decrypt one record, nor how much time that would take, and LL has failed to estimate how much time and computing power would be required to decrypt ALL the stolen information.

5) LL has further made no effort beyond email to alert customers of compromised data, which leaves MANY customers with no idea they may be at risk.

6) LL has locked out accounts until passwords are reset, but done so over a weekend, while providing no extended hours of phone support so that people who are unable to unlock their accounts are unable in any way to receive help or to close their accounts until the next business day begins, almost 60 hours after being notified by email of the problem.

7) LL has failed to specify, exactly, what encrypted payment information was stolen.

8) LL has failed to identify whether former customers' information was retained in the compromised database, and if so, what recourse they have, nor whether they have been / will be notified.

9) LL has failed to identify whether customer billing data is retained after an account is cancelled and in what form.

10) Last, and possibly least, LL has failed to offer any sort of account credit / prorate or recompense for residents who are unable to access their accounts due to this debacle.

11) (Added in a subsequent edit) LL gave notice of this breach late the evening of September 8, well outside business hours, so that people who wish to withdraw funds and/or cancel their accounts must wait the entire weekend to do so.

12) LL Moderators removed my post of the above for no apparent reason and with no notice whatsoever.
Kelly Linden
Linden Developer
Join date: 29 Mar 2004
Posts: 896
09-11-2006 13:33
This post was likely moved or deleted because it does not contain a question for LL to answer. The Linden Answers forum is not a place to make announcements, say goodbye etc. I have moved this thread to the appropriate (though now closed) forum.

Please feel free to post any questions you have of Linden Lab in the Linden Answers forum.
- Kelly Linden