A Linden looks for griefers in Second Life who disabled a sim with malicious scripts last year. Screenshot by Prokofy Neva.
Yesterday, I couldn't log on to my Second Life account because my password wouldn't work. I kept trying to check the log on and the caps lock and such, and meanwhile thought to go on Twitter to see if it was "just me" or if SL itself was down or if there was a massive lock-out as there was once in 2006 I believe, when they had to reset all the passwords automatically after a zero-day exploit.
But then I found I was locked out of my Twitter account for Prokofy as well. I decided this could well be a hack of me personally, because just this week I also got one of those trojan viruses that re-sent a spam email out to my entire address book, and I'm still hearing from people all over the world telling me I am "hacked". I see so many of these "hey, check this out" emails and delete so many of them unconsciously that I marvel that there are people who get them and think they are real and wonder what I am "up to", but there it is, maybe they don't get as much email and spam as I do, I guess.
I tried to get Twitter to send me my password to an email address, then I couldn't seem to get that email open.
So meanwhile I called the Concierge service and they told me they'd sent out automatic emails telling certain accounts they had been breached -- my emails were found in the spam file.
Dear Second Life user,
It has come to our attention that a site you visit may have suffered a security breach. The owner of the site, Anshe Chung, informed us of the matter and is taking steps on her end to ensure the security of her sites. For further details on the breach please contact her Customer Support directly.
Because you may use or have used her site in conjunction with your Second Life account, we have chosen to act with an overabundance of caution to protect your Second Life account from possible unauthorized access by scrambling the password.
To change the password on your account please go to https://secondlife.com/my/account/request.php (or go to secondlife.com and choose the “Forgot your login information?” option from the Login page). An email will be sent to the address associated with your Second Life account with instructions. Please note that you will need to provide the answer to your Account Security Question.
If you are not able to complete the above process please submit a Support case by going to https://support.secondlife.com/create-case/ (or support.secondlife.com and choose the “Submit A Support Case form” option).
Please do NOT use the same password for your Second Life that you had previously used, and do not use a password you use on any other site.
Best,
Linden Lab
I haven't rented land from Anshe Chung for something like five years or more, but I guess my information is still in her database. And to use her system and pay her rent, you have to use inworld terminals in SL, which is why her website connects to Second Life. Some people might use the same passwords for both services, but I don't think that's why LL decided to send out these resets -- it's more likely because of the connection with the inworld terminal for payments.
Just then I read also that Twitter had been hacked, and that 250,000 accounts, from 2007, which is when I joined, were compromised and automatically reset.
There's this exchange on Twitter:
Sp3ct3r @Th3Sp3ct3r: @6 I love it how no one has discussed the technique used to breach Twitter yet? Ask yourselves why?
But of course, it is being discussed, probably not so publicly.
The Washington Post reported on this and says it has been hacked as well, but it is revealing an old hack, not describing that it was attacked yesterday.
Here's a hypothesis:
Kyle Maxwell @kylemaxwell: @Th3Sp3ct3r @6 I suspect an API bug that allowed connected services to get more data than intended, similar to DM issue a few wks ago
Whenever I see at least three services I used all hacked, and all hacked so that only part of the customer base is affected, I say, "hey, guys, that's an awful lot of trouble to go to in order to hack me!"
Just kidding. You do have to wonder why a hacker would only target 2007 users or whether that's just accidental as the sub-set that they happened to reach.