Prominant Designer's acount possibly hacked to the tune of 1500 US$

LL has told her, "Wait till monday."

http://www.secondlifeherald.com/slh/2007/03/simones_account.html#comment-62928100

Actually, only one Linden told her that, but your point is well made. Personally, my response would have been "Great, that gives me a chance to talk to my lawyer--who should I have him call?"

But then, I'm generally recognized as a curmudgeon and not a pleasant person when my money has been taken from me.

Kam

And the lawyer will get back to her on Monday.

LL is usually pretty good at getting money back when an account has been hacked. I know of someone that had about L$400,000 stolen from their account. It took 2 days but the money was returned by LL. Paypal cash outs are not processed on the weekend, and the exchange API would hopefully catch any 1-day accounts that would be trying to cash out L$400,000. Liaisons are really not that powerful when it comes to things like this.

And the lawyer will get back to her on Monday.

LL is usually pretty good at getting money back when an account has been hacked. I know of someone that had about L$400,000 stolen from their account. It took 2 days but the money was returned by LL. Paypal cash outs are not processed on the weekend, and the exchange API would hopefully catch any 1-day accounts that would be trying to cash out L$400,000. Liaisons are really not that powerful when it comes to things like this.

You're right, I should have worded that differently. It was a liason (actually one of the good ones) but it would seem that a company running a 24/7 operation would have an available customer service by phone that could handle the issue in moments. If my credit card is stolen on saturday night, I don't have someone telling me to wait till monday, I can call and have the thing frozen in a second.

Exactly. Business day only CS hours were fine when LL was a small company with 100,000 users, but with 4,500,000 that's not going to cut it. I do think that LL knows this, and is working to correct the situtation, but the task is a huge one and needs to be undertaken immediately. Frankly, I don't envy them the task.



One of the advantages of living a small town with a population akin to SL during beta is that I can corner my lawyer quite readily while he's at breakfast at our local coffee house. Oddly, he's usually cornering me. Okay, there IS a downside to that (like losing my appetite at breakfast when he approaches the table and my stress levels skyrocket at the impending lecture), but at least I don't have to wait until Monday to talk to him.

Kam

Geeze, it's bad enough that a policy so unwell thought out as "unverified accounts" has allowed this to happen but to have no instant access to customer service is unbelievable. Simone stands to loose a very sizable sum of real money AND probably will have to resort to paying for legal assistance to just get a chance to get a resolution.

Such a stupid way of doing business.

Linden Labs.............start acting like a real business!!!

Hacking in to someone's account and transfering all their L$ to other people is about as criminally genius as going up to a bank teller with a gun and demanding they transfer all the money to your bank account. There'll be a trail showing exactly where it went. I feel for her because this is a really lame thing to have happen, but I really don't think the delay until tomorrow is going to allow the perpetrator to escape to the bahamas with a suitcase full of unmarked bills.

this is a good point Chip - there should be a definite paper trail. Hopefully thougt the Lindens are willing to prosecute it? Or becuase the "Linden has no value" is there no criminal reprecussion?

The goal may not be theft, but simply to cause chaos.

The unlaying problem is that there is such a huge hole in personal property (or money) in the first place. Sure there will be a "paper trail" but why make it so easy to even try? I don't have a naturally dishonest mind and I'm sure 99.9% of us in SL don't either but the 1/10th of a percent can really cause all of us grief..............and we trust the company that provides the service for all our endeavors to protect us as best they can. Linden Labs does not do that............quite obvious to me, anyway. I can see after reading the report how easily it could be done............and someone with less than honorable intentions would pick up on it a second. It's the company that asks us to put their trust in them to make our "fortunes" responsibility to provide some real protections for us. Linden Labs did not do that with their policy of unverified accounts..............and they compound the the mistake by blowing off customer service.

No, the culprits will not be off the the Bahamas with a suit case full of cash before Monday but the victim has to worry about even more being taken from her/his account while that Monday moring comes. And possibly having to call for legal assistance. Someone take 1500 USD from me and I'm madder than a hornet..........I would be livid if I could not talk to someone really in charge until the following Monday!!! I would be quite concerned for the security of my other assets. And with no way to shut the BS down till it's resolved I would be on the phone with an attorney..............not Monday, but today.

Simply put...............Linden Labs makes it way too easy for the dishonest to take advantagee of the honest. No matter how careful the honest are. A company that deals in real currency cannot shirk their duty to do everything possible to protect the people who place their trust in them. But, somehow, Linden Labs thinks otherwise.

your logon account name should not be your avatar's name

this reduces the complexity to hack into an account by a whole order of magnitude.

No where else on the internet is your user name so obvious.

Get real!!! Cause chaos? Risk a substantial conviction of a real crime? What the hell......I'm done with this thread.

Stupid............absolutely stupid.

Yes, absolutely. I've always thought that was a really bad idea. I'm not trying to minimize what happened in any way - just pointing out that there will be a paper trail, and as far as I'm aware LL has a good track record of taking care of these kinds of things. If it had happened to me I'd no doubt be freaking out about it myself.

It strikes me a ironic that when you take the link in the OP to the article in the Herald there is this ad running next to the story in the Herald:

wow yeah thats messed up

That is the same type of thing that Amazon and E-bay do. If it sees a game name it will place that name in the title. There really are no cheats for SL on that page. It is just the google ads at work.

I know I said I was done with this thread. But doesn't that validate what I've been harping on? Cheats? "How to's" to cheat? LL needs to address this in a very agressive way. It's only lindens...................yeah! But lindens translate to real money.

In this case $1500 USD real money.

Oh...............forgot it's a game. When it's convenient to call it a game. Game or not when real money is involved some protection is absolutely necessary.

Again.................LINDEN LABS, GET YOUR SH*T TOGETHER!!!!

Why don't you read the website before you go flying off the handle, again. It is a Google AdSense, that is all. If you goto the website you will plainly see that there are no cheats for Second Life. What exactly do you want LL to do about a site that doesn't even list Second Life on it?

I did not mean to cause confusion with the ad picture; I figured everyone would know there are fake ads created to trick the gullible; the ad in question is at the very least trying to get your email address for use by spammers, phishers, etc. One can rest well assured there aren't any SL cheats available at such a place.

The fact that the ad is fake does not detract from the irony of its placement.

So the article is bogus? In that case I suppose there are no cheats. But if the article is genuine then isn't the fact that someone can hack into the game and steal lindens (I know, LL's account site is secure....................no way would I have offered up CC information had it not been) from within the game then there are "cheats".

I don't do business in SL...........for a very good reason. If you trust LL so much with the in world game then be my guest. But know there is nothing protecting your gains. That's easy to see with lost inventory items, lost linden balances, and lost land.

I feel somewhat safe with my CC information.......but not at all with my inworld "possessions". Possesions enclude L$.

Thank god Suzy cleared that up for us. I love this place.

The article is real, Simone contacted the Herald and told them what happened and they reported it. It is the silly little advertising link on the Herald next to the article that is bogus, it's just an advertising gimick designed to catch people's attention and make them click the link. But as someone said, that doesn't detract from the irony.

As for your CC information being safer than your L$..... Maybe you weren't around, but about six months ago LL was hacked and many people's account information was accessed. At the time LL tried to tell us that it wasn't CC's that were stolen but now, six months later, they have sent out emails to over 1000 people recommending that they cancel their CCs.
I use prepaid CC's, with only the amount on them that I will actually need, for any business I do with LL, as I just do not trust their ability to be professional anymore.

It is possible that a virus, perhaps a key logger or other variants have compromised the users computer. Virus scanners DO NOT always prevent infection

That seems to me to be one clear route to understanding this problem.

If it were I I would take action to clean my computer, if necessary by a complete hard disk wipe, scan, and clean install. It would perhaps be advisable to get it done by a computer expert, as some virus types can be remarkably resilient to being removed.

Following on from that, if the user banks, uses a credit card, Pay Pall account, or uses a broker on the net, or indeed any other activity on a secure site, I suggest you take the appropriate action to secure yourself.

That is cancel credit cards, change passwords, monitor all accounts, and anything else that is necessary to protect yourself.

A very nasty problem

Regards

John

This attack seems very SL specific. It is unlikely that a virus/worm "keylogger" would target just SL accounts, with someone needing to create alts and move money around like that. People who write such keyloggers usually have bigger and easier targets (e.g., Paypal accounts) Slightly more likely is a specially built trojan horse that was given to the victim for the purpose of extracting passwords (but that would be too obvious.)

There are many avenues to a hack:

1. A weakness in the Vendor system that Simone uses.

2. Maybe someone was able to figure out Simone's password (especially close "friends" or business associates)

3. A weakness in SL's website, or in any third-party exhange website Simone uses to sell her designs.

4. A weakness in SL's client code, server code, or network protocol.

etc., none requiring keyloggers.

With so little information it's impossible to narrow-down the possibilities.

-peekay