Finally Stipend Response

08:26 AM, Wed 6 Jun
Weekly Stipend Payout Issue

We are aware that weekly stipends have not paid this week. We are working on the issue and will update this post when we have more information.
Thank you for your patience.

(found on community page)



Wanted to post here in case others missed this.

Ok that's one hot issue answered and acknowledged... now what about "Why the password resets".

Broccoli

from what i read only passwords had to be reset on account that had at one time accessed the 'help portal'


so perhaps the help portal was 'haq'ed' or 'glitch'ied' or something


the world may never know

We could always refer back to why the passwords reset last time. If I remember correctly, it was due to a security breach. Someone happened to hack in and access LL's data servers. Now if something like that happened again, I don't think LL would be hasty to make a blog post about it. Just think of all the investors that would pull out! People are already steamed and unsure over the whole age verification issue, so hearing about another screw up would add fuel to the fire and more reason for people not to participate in submitting their personal information.

I could be completely wrong, but this is just my current theory and it seems to make sense. Why else wouldn't LL make an announcement about the password reset, especially since it's involved quite a lot of residents? If it were an honest error, they could've just said so.

Poopmaster, (did I mention it's fun to type your name?) I think you're right. I think most of us that had the password reset issue was due to the Support Portal. My husband had never accessed the Support Portal and didn't have to has his reset. I did several times and well, had to reset it.

*chews lip* That would mean that they really, really need to get the Support Portal login system off the grid login server and allow us separate passwords for the two. I can see the website having the same password as the grid, because you can do monetary transactions from both, but you can't from the Support Portal. Same goes for the JIRA. Reduce the likeliness of a hack getting everything in one go or a glitch wiping us out in one blow.

Isn't the Support Portal where Arianna Baron reported that other residents' emails/personal info was inadvertently revealed to her? A Linden locked her thread, claiming that no such breach exists, but knowing Arianna in-world, I know she would not make up such a thing. Perhaps this is related, and the password reset has to do with accounts that may have been compromised in the Support Portal.

Thread is here: /327/9d/188684/1.html

Robin said yesterday that the password resets was a glitch in their backend support stuff..

Ah, but it wasn't a blog post, now was it? It should have been, so it could have reached the most people. After all, 'tis the blog that shows up on the login screen. If you knew by that you might have problems logging in, before you click the connect button, would you be angry? I wouldn't...

But they didn't warn us in the most broad reaching manner, so, what good is the blog?

I also had to change my password but I just followed the instructions and didn't have any problems. It cut 5 minutes out of my SL time but I survived it.

Only weird thing was the transaction list on the password change webpage. They should either remove those or limit it to showing only my transactions. Kinda freaked me out to see all the casino charges in conjunction with my password suddenly needing to be changed.

No, this is it. Because I had used the help portal. There is another thread somewhere, probably buried or deleted now. This guy went into the help portal and filled out a guest ticket, because his primary account was down - and when he sent the help ticket, it gave him other people's help tickets, full of personal details.

So, I surmise that, if you used the help function early on, a flaw in the system may have exposed your personal info, including possibly your password, if you had included it in the help ticket - to who knows who.

So, an emergency reset of all the passwords of everyone who issued help tickets would have been called for. What's more, someone may have gotten my password and reset it already - thus the verification question had to come into play.

I find it rather disheartening that a thread was closed "to prevent further supposition"

None.

coco

I had visited the support area to look around, but I had never filed anything through it, indeed I had never even looked at the forms or options for filing tickets. I literally looked at the first page only, after you 'sign on to the support portal'.

And I had to reset my password. My alt, who had never looked at the support portal, has not had to reset anything.

I'm with the ones speculating the support portal was hacked or otherwise compromised, and the immediate response of LL was to disable passwords of anyone who'd been in the support area. A good security measure to take, to protect everyone. Just, you know, lousy PR again as usual, for not telling anyone anything. And continuing to say nothing, so that we're all happily free to speculate and comment at will.

Taken in conjunction with the missing stipends coincidentally occuring around the same time, there's lots of fun stuff to talk about.

-Atashi

Rather amusing that so many people are throwing fits about not getting the L$ equivalent of the cost of a cheeseburger, but so few people seem bothered about a potential severe security lapse.

Broccoli

Oh, I'm bothered. I'm very bothered by this. Which is why I keep screaming for them to post on the blog about it. This, "Shhh, they'll forget it," attitude is really starting to grate on the nerves.

And for those who didn't submit a ticket to the Support Portal, but did log INTO the support portal.. well, I never submitted a ticket, just logged in. So, the act of logging into is what did it.

Hi guys, it sounds like my threads from a few days ago were locked and deleted. This is my first time back since posting so please allow me to explain (as long as this post appears before being deleted)-since this is going to be a POSITIVE post about Lindens I hope it gets to stay

I have been in touch daily with a Linden who is the best! He read my post, took the time to call my contact number on file on file as well as email me. we have emailed each other the past few days and we talked tonight by phone for a bit.

From what I understand there WAS a temporary glitch the night I tried to get help where I received information about other people. However, that was about May 24th and the issue was resolved right away from what I have been told. But YES this was comfirmed and I have email showing it from a Linden-please don't deny when you told me it is true

The day after I posted, a Linden has been in touch with me and I am pleased with what I have heard and I feel more confident. HOWEVER, yes I have an email from a Linden about a TEMPORARY glitch in their system which allowed me to see what I did. I made it clear to him chatting tonight that he has been wonderful and I believe what he said about that area being disabled so the info could not be compromised again. But I pointed out this is exactly why I will never verify with a third party company.HOWEVER. Lindens immediately took care of the prob I saw so it should be safe. So be assured this temporary glitchy was fixed immediately by Lindens.

Yes, there was a security issue as I have email from a Linden as proof but according to them it was rare and not viewed by many. However, I feel confident it was handled immediately and I will not share it unlesss there is proof someone was harmed by this temporary glitch or Lindens are denying outright it happened and making my integrity look bad.

Summary: yes there was a temporary problem but emails directly to me from a Linden show that info was given out due to a bug/prob but the problems I mentioned were handled a few weeks ago and I feel good about what I saw-it was handled immediately.


I appreciate LL taking the time to call and email me and get additional info to make sure this never happens again But I also make it clear to said Linden this is exactly why I will never trust a third party company with my info-

Thank you M! I see you really do care about us all and I hope that it expands through the company.

Arianna Baron

I received an email regarding the password reset.

From: [email]LindenLabs@parature.com[/email]
Subject: Password Help
Date: June 6, 2007 9:55:24 AM PDT
To: [email]LindenLabs@parature.com[/email]
Reply-To: [email]LindenLabs@parature.com[/email]

Technical changes to the new Support Portal made it necessary for us to change some passwords. If you have not already done so, please go to the website and reset your password. If you are unable to, you may call us at 866-476-9763. International residents may file a ticket through the guest login and we will get back to you as soon as possible.

Thank you
Linden Lab Support

Yeah, I got the e-mail too, two days after I had already had to change my password.

So they've had a security breach that was "was rare and not viewed by many" that gets transformed into "Technical changes to the new Support Portal made it necessary for us to change some passwords." sent to me from an address from some "parature" company of which I've never heard.

Astounding.

Parature is a company that LL sometimes uses when they have to send out bulk email. The question got raised previously in the blog, some months ago, or maybe it was back in the forums back when they were still active. Anyhow, the point is that LL does use them on occasion, so the message is legitimate. I would like to see something on the blog about it, though; the response to the situation is too hush-hush for my taste.

If the security breach was several weeks ago, and fixed immediately, as Arianna has said that Linden told her, then why are we NOW being asked to reset our passwords?

And the theory that only people who have accessed the support portal to get makes sense. My husband has had no problems logging in, did not receive the password reset email, and has never accessed the support portal. Sitting right across the room from him at the time, I crashed, and could not log back in without resetting my password. And I have used the support portal. Same thing happened to a friend we were online with, who has used the support portal - except when she crashed, she couldn't get her password reset for hours. And yes, she has accessed the support portal. She and I were both able to log in immediately with no password reset requests with alts (who have never accessed the support portal). So it may all be a coincidence, but it does seem to add support to the theory.

Here is my question. I reset my password the night I crashed. I received that email everyone is quoting from on another later day. Does that mean they want me to reset it again?

And what if all I do is reuse my original password when I reset, because I use a specific password system that helps me remember them, and choosing a different password would be a total pain to remember? (I have a lot of passwords - bank, etc. I'm sure many of you do too)

Do you all think it is dangerous to have reused the same password when I reset it? And for people (like my husband, my alt, etc) that did not receive the email, and there is nothing on the blog or login page, do they not need to worry about it? And if they don't need to know about it, maybe that is why Linden is keeping it quiet, and only contacted affected people directly. No need to upset that entire 7 million user base, right? Yeah,well they forgot about the forums I guess. And users inworld. People talk to each other. Imagine that. It's a SOCIAL NETWORK, guys!

Enough of my rant. Sorry for the length.

But seriously, do you guys think I should reset again, to a different password? Or is the problem corrected to the point that won't be necessary?

Princess Ivory

I used the portal before the glitches, had to reset my password, didn't get paid a stipend, received the password email, didn't reset my password a second time, still didn't get the stipend, can't search, can't open newly created objects, can only teleport home, seem to have most of my inventory.

Does that help?

i'll tell you what is interesting!
a few days ago there was a thread* where a resident claimed to have found a security hole in the support portal. the thread was quickly locked with a linden supplying the closing comment- "We have throughly investigated this issue and are happy to report that there is no current security issue as described."
the next day anyone having used the support portal has their passwd autmatically rest... whos blowing smoke?

* /327/9d/188684/1.html

Given that there is strong evidence that there was an unspecified, unintended disclosure of customer data by LL to parties unknown, you might be best changing your name, address, and credit cards.

The problem is that LL has seen fit not to tell us what the problem was, how much data was disclosed, and to whom. I expect that this is partly because they have no idea what information was comprimised and partly because they don't want to spook their investors with their atrocious security mechanisms.

Parature is also the company who built and is hosting the new support portal for them (support.secondlife.com is canonically d3.parature.com, and is probably round-robined with other dn.parature.com servers).

They wouldn't be owned by Aristotle, by any chance? Or Electric Sheep?