Anyone else received spam email to SL. only addresses?

[Nicola Samiam]

I received today a fake paypal phishing email to not one but two email addresses that have only ever been given to LL as avatar email addresses. One came to my alts email address, which is on a different domain to my primary avi's email.
Both email addresses are aliases and have never been used for anything other than SL. I use this method so that I can identify when email addresses given to companies are accessed by spammers.
I've submitted a support ticket, but I'm not hopeful that support will understand my concern.
Has anyone else started to receive spam to email addresses that are exclusive to SL accounts?

 

Edit - For some reason I can't reply anymore - and some earlier replies have been deleted!

@Pale Spectre - Thanks very much - Confirmation that this didn't just happen to me, or was a random directory attack. Seems obvious to me that somewhere down the line someone got the data....

Just god a response from LL Support - As expected, they have completely failed to understand the issue!

If anyone else has received spam email to email accounts that should only be known to LL, then please submit a report to LL - the more the merrier.

[Nicola Samiam]

I received today a fake paypal phishing email to not one but two email addresses that have only ever been given to LL as avatar email addresses. One came to my alts email address, which is on a different domain to my primary avi's email.
Both email addresses are aliases and have never been used for anything other than SL. I use this method so that I can identify when email addresses given to companies are accessed by spammers.
I've submitted a support ticket, but I'm not hopeful that support will understand my concern.
Has anyone else started to receive spam to email addresses that are exclusive to SL accounts?

 

Edit - For some reason I can't reply anymore - and some earlier replies have been deleted!

@Pale Spectre - Thanks very much - Confirmation that this didn't just happen to me, or was a random directory attack. Seems obvious to me that somewhere down the line someone got the data....

Just god a response from LL Support - As expected, they have completely failed to understand the issue!

If anyone else has received spam email to email accounts that should only be known to LL, then please submit a report to LL - the more the merrier.

[Griffin Ceawlin]

http://en.wikipedia.org/wiki/Directory_harvest_attack

[KarenMichelle Lane]

Niccola,

I have email accounts for my ALTs as well that are for SL communication only. Not a single non-solicited email to be received..............ever in over 5 years.  I too do this to keep my SL separate from my RL and to keep non-solicited SPAM to a minimum.

Linden Lab's track record on protecting it's members information has been sterling for 10 years.

Question: have you ever used any of the affected accounts to purchase Lindens from a 3rd party exchange> I have way less confidence with these services.

Griffin Ceawlin's response is even more likely. WTG "G":

[Nicola Samiam]

Directory attack?
So I'm expected to believe that simultaneously 2 of my own domains - (one of which is a sub domain) were attacked and the attack happened to discover the names I used ( not in any dictionary) and send spam to both those emails addresses, and only those email addresses, both of which are only registered with LL?
To have one email address on one domain spammed, then it could be a possibility, but 2? and only yhe 2 email addresses used by SL?

If i were using gmail, or hotmail and my avi names as email aliases, then I could see ts being a possibility, but not on an obscure sub domain with an obscure username.

No, the question is NOT answered.

[Griffin Ceawlin]

So, you've never gotten SPAM at an "obscure" email address before? It's a miracle! Lucky you.

[KarenMichelle Lane]

Actually the question will never be answered. Fake PayPal phishing emails are a cottage industry for scammers. So what you need to understand is why these 2 email alias's of yours received solicitations. Since we have all not received the "Please Change Your Password" notice from Linden Lab because after 10 years someone finally managed to hack into our member account database confession, I'm pretty sure you need to look at other possibilities. Over the years we've had OPs document the following methods of information theft:

 

1) PC Trojan Horse Infection

2) Downloaded Viewer with a trojan paylod in it.

3) Successful account password phishing

4) ....

 

but phishing attack purveyors buy email name lists so the real question is how long ago were your email addresses included on a valid email list?

[Nicola Samiam]

@Griffin - No, I've never received spam at an obscure email address - That's exactly my point.
Or rather, when I do receive spam to the unique aliases that are only associated with one company/account then it's because their database has been compromised.
For example, I have many such aliases for shopping sites, amazon, dropbox etc.. Most of these have never, ever received spam. Last year, I started to get spam addressed to the alias uniquely associated with Dropbox. I complained. Two weeks later Dropbox admitted that it's email database had been compromised. I closed the alias.
A key point here is that my alt has an alias email address on an entirely different domain to my primary avatar - and yet they both received the spam at the same time. Both aliases have only ever been used for SL - neither have ever sent email, and my Alt's account has not received an email since I created it - until the spam today.

@Karen - Good points - My PC is clean - and I have "real" email accounts that have never received spam on the PC. The Viewer issue may be relevant - I use Radegast, MetaVerse and Firestorm. Possibly a leak there - although so far the accounts themselves have not been accessed - they've just started receiving spam.
I don't receive spam at all, but if I did get an SL account phishing email, then it would have to have been addressed to one of my aliases in order for me to take any notice of it - and my Alt has never received any email.

Your last point is a very good one - My Alt's email alias has been the same for some years. I changed my Primary avi's email alias about six months ago.
Naturally, I will be changing both aliases and equally naturally, I wouldn't expect LL to ever admit to any data breaches!

[Pale Spectre]

Yes, indeedy. I've receieved one each for a pair of old alt accounts. Both alts have their own custom email addresses known only to Linden Lab - which doesn't bode well.

Both are the same: "Important: Unusual activity in your account", Paypal phishing emails. Both carry a link for giju1 at com. Both are flagged by my email provider as spam with:

 Contains an URL listed in the DBL blocklist,
 Contains an URL listed in the JP SURBL blocklist
 Sender listed at http://www.dnswl.org/, no trust

Pale.

 

Oh and... 10 years? Sterling not:

"*SAN FRANCISCO, CA. (September 8, 2006)* - Linden Lab reported today that it is notifying its community of a database breach, which potentially exposed customer data including the unencrypted names and addresses, and the encrypted passwords and encrypted payment information of all Second Life users. Unencrypted credit card information, which is stored on a separate database, was not compromised."

 

[Nicola Samiam]

@Pale - Thanks very much. Not just me then, nor some random dictionary attack. Seems a co-incidence that 2 people get multiple, identical spam emails to email addresses that have only ever been associated with SL accounts.

 

I've sent the headers to LL support, but I doubt they'll grasp what the issue is. Denial is not just a river in Egypt

 

Pale, it would be really useful if you could submit a support request too on this issue.

 

Out of interest, which viewer(s) do you/have you used please?

[Nicola Samiam]

Good grief, this answers portal is confusing - no comments in some views, replies shows as 8 in the overview, but only 3 in one view..

 

Anyway, @KarenMichelle - Nope. My alt has never bought anything, and I've not used 3rd party exchange vendors with my current primary avi address.

 

Dictionary attack is unlikey, for the reasons already given. Nothing is impossible, but in this case it's highly improbable that a dictionary attack would be launched on 2 separate domains and ONLY hit email aliases that have only ever been associated with SL accounts. And Pale Spectre also reported receiving the same spam emails to two of his aly accounts (with email addresses only associated with SL accounts).

[KarenMichelle Lane]

Thank you for that news item from 2006. So LL beefed things up after the 2006 incident.. So far so good. Hopefully.But where there is smoke there may be a fire.

[Nicola Samiam]

@KarenMichelle - For sure! unique and dedicated email aliases that have had no contact with anyone but LL sure seem like smoke to me!

[Nicola Samiam]

An here's the final word from good old LL "support" - The usual "we're washing our hands of it - it's nothing to do with us"

 

"I am sorry you are receiving these emails. Unfortunately we have no way to assist you with this issue. I can only suggest to change your passwords to protect your email addresses. If I can assist you with anything else please write me back responding to this email."

 

Useless.