Account hacked by a bot?

[Essie Radford]

Several friends of mine were suddenly posting advertisement in several group. They were showing online in the Friend List, but I was sure they were sleeping. One even tried to get online in SL, but got a message that they were already online....

This was the msg that was send:

Free Lindens! Welcome All Second Life Players!
You can earn up to $750L for each survey that you complete!
Click on any of the surveys below to get started!
click the link to start winning
http://lindensforfree.noads.biz

My friends got several angry IMs in their mailbox why they were posting such crap in their group, some were even ejected from groups.

I advise ppl to change their password at least once a week... But to one friend it happened twice in 1 week...

How is this possible?

 

[Argus Collingwood]

 

---

Essie Radford wrote:

Several friends of mine were suddenly posting advertisement in several group. They were showing online in the Friend List, but I was sure they were sleeping. One even tried to get online in SL, but got a message that they were already online....

This was the msg that was send:

Free Lindens! Welcome All Second Life Players!

You can earn up to $750L for each survey that you complete!

Click on any of the surveys below to get started!

click the link to start winning

http://lindensforfree.noads.biz

My friends got several angry IMs in their mailbox why they were posting such crap in their group, some were even ejected from groups.

I advise ppl to change their password at least once a week... But to one friend it happened twice in 1 week...

How is this possible?

 

---

If they have never shared their passwords with anyone, then I suspect a connection to some alt detection tool that requires they login to an external site.

 

[Essie Radford]

They never shared their password.

And an  "alt detection tool" isnt that illigal to use?

I guess the owner of the website is known to LL... can they be blocked/banned?

[Raudf Fox]

It could also depend on their email.   Fortunately, my SL account wasn't linked to it, but my hotmail account got hacked a while back.  Password was NOT an easy one, so there was no reason they should have gotten into it... except that it was hotmail. :smileytongue:  Fortunately, it's just my junk mail/mailing lists email and they hadn't gotten around to changing my security question...

Or they used a third party site, using the same password for it as their SL account, with the same email addy and everything.  I've known people who do this and it's a nightmare to explain to at least have a different password for their email, SL and other sites!

Your friends should try an immediate password change, and if that fails, report the accounts as hacked.  LL will then put the account on administrative hold pending verification.  It's better if they can do it the moment you notice the account is online without you..  You're less likely to lose stuff, like L$ balance. 

LL is trying it's best to ban the people like this, but it's harder to do because there are several workarounds that allow the abusers/hackers right back on. 

 

[Vania Chaplin]

I have no clue on this, but today an user in the spanish forum was complaing about this issue.

All I can say is:
*change your passwords in SL account and in the email linked to them ASAP!
*than open a ticket with LL to investigate it.

___________

[Edit] It was in the Spanish Answers

[Potosi Abonwood]

Well in the Off Topic section there is this thread:

http://community.secondlife.com/t5/Off-Topic/Account-Security-Breached/td-p/745397

Might want to ask you friend if he was a user of the accused system or ever logged onto their website.

[Vincent Nacon]

Good chance that he has a spyware and/or "spammer" already know the password for the email to see what new password he changed for his SL account.

 

Tell him stop joinning 3rd party stuff with same email and same password. This happens a lot for non-geek users.

[Masta Thor]

I read that you should also make your passwords at least 12 characters long and include symbols. It's hard to remember but it will make you safer. 

[Void Singer]

just because you tell people to change their password every week does not mean they do, or do it inteligentlly.

some will use the same password for everything... bad idea....only do that for things you don't care about (like throwaway services that require you to sign up for something you'll only ever use once)

important things, like anything with the ability to collect money or spend your money, gets it's own password.

 

although if it's happened twice in one week to this friend, my suspicion is that A) someone has access to their computer (either in RL, or via a keyloger or other trojan software, especially if they have other recent accounts broken into) or B) they're full of it and really are spamming this crap to get a few L$ (you'd be suprised how many people do that voluntarily)

 

[Vincent Nacon]

In another words...  You must be this tall (I.Q. level of 110) to ride safely on the net.

 

---

Masta Thor wrote: I read that you should also make your passwords at least 12 characters long and include symbols. It's hard to remember but it will make you safer. 

---

It's not matter of how hard is it to remember, the more you use it, the better you remember it anyway.  Not just symbols but use numbers and Capital letters. However, as time passes, we would be required to have more than 12 characters and it'll keep on growing.  I remembered things used to start out requiring 4 characters...  Went from 4 to 6 to 8 to 12 so far.

My advice is... pick a password that you can remember, even if it doesn't make any sense...  but longer than 22 characters long instead. Why more than 20?  because it would take a computer over a trillion years to crack it.

Give it a try. http://howsecureismypassword.net/

Even it would take a computer thousands years to crack a stupid 20 characters long password like this "12345678901234567890"

 

Go long!

 

[Dilbert Dilweg]

 

---

Vincent Nacon wrote:

 

---

---

 

Give it a try.

http://howsecureismypassword.net/

 

 

---

Lol what an awesome way to get a bunch of people to enter their passwords so they have a full array to hack accounts with lol

How do you know this site isnt harvesting passwords lol

[Masta Thor]

Yes, it could be harvesting passwords and IP like that Redsun thing that is making the news lately. That was scary.

[Sidnella Riler]

Hope your friends account are ok, what could also happen is, someone they talk to, usually could be someone posing as a girl, will tell them they will send them a pic, and of course men usually jump to the opportunity of a pic, they take the pic, and the pic doesnt open, or so they think, when they press it, unfortunately they got a virus, a back door is opened and they can do watever in their computers, do not accept anything or do not press external links to sites you do not know

[Rhonda Huntress]

Password strength is all well and good but it is over rated.

Passwords are just door locks.  The main thing is to have a lock and use it.  If someone is targeting you specifically no matter how "strong" your password is, is can be cracked.  The whole point is to make it not worth the hacker's time. 

Given a list of account names, a hacker can be certain of at least partial success by attempting to log on to each account sequentially using the most common passwords.  Don't use those passwords because they are like leaving your door unlocked.  "Password" is a bad password.  Likewise "123456" or any other form of running numbers.  You know hackers have a list of account names.  We can see those names right here where you post!  Any simple search will net a legion of  account names to try.  You KNOW that hackers have your account name; don't give them the other half of your login for free.  You can use your mother's maiden name or a computer generated random string of 16 alpha-numeric characters and get the same results.

And finally, just like you don't hand out keys to your door to just anyone you meet, do not give your password to other people INCLUDING ANY INTERNET FORUM!!  Even if you trust the people running the forum, that site could be hacked by someone else entirely.  It is always wise to keep a healthy level of paranoia when doing anything on the internet.

[Paladin Pinion]

 

---

Vincent Nacon wrote:

It's not matter of how hard is it to remember, the more you use it, the better you remember it anyway.

 

---

I put the number/symbol parts into macros. I trigger the macro, then I type the alpha part. I get the best of both -- easy to remember the word part and I don't have to remember the symbol part. Keyloggers can't catch it either because the whole thing is never typed on the keyboard.