hacked Ive Been hacked :( please help!

[kovaIerI 0]

Hello, So i am currently going through a very stressful situation. Recently my main account i use has been hacked...I am currently using my old account to write this. I have called LL and I created a ticket but i'm afraid this won't help me because i have forgotten my security question..I don't know who hacked me there is rumors going around of a guy on alts is hacking people.

This is a tough situation i am the owner of my main account and who ever hacked me changed my password and email for SL login. That's is why i have called LL but its sill not helping me because i forgot my security question. I made it so long ago i kinda remember my security answer but i'm afraid to get it wrong and lose my account forever  idk what to do..this is the second time i have gotten hacked too. I hope someone can help me and i hope a Linden see's this and can help me get my account back as soon as possible.
 

 

 

Edited July 22, 2018 by jewels100

[Alwin Alcott 11,426]

you most likely won't be hacked, but you'r fished. You used a very bad (=easy to guess) password or entered it at a fraudulous website.

Iyou already contacted LL you did the right thing to do, and it's all you can do.

But, if you can't give LL the right information about the sign up for your account, they can do nothing for you.
And please... not remembering your security question?... did your mum suddenly change her name? did the street where you grew up suddenly disasppear? your favorite pet?, tháts the kind of questions you had to give a answer for.
And thats not the only thing they mostly ask, also friendlists, money, and sometimes also where you shopped, who you paid, ánd provide rl proof of identity.

Keep the tickets from support open, and answer as close as possible, thats all you can do.
If you can't give LL the answers they need it will be a lost case.

 

 

Edited July 22, 2018 by Alwin Alcott

[Callum Meriman 7,154]

As long as you didn't use fake information to sign up the Lab will help you recover your account. Submit the ticket and wait, it might be a few days. You will be asked to provide proof of who you are with a copy of your identity papers. I hope those match the details you used many years ago.

Alwin has correctly said the security questions are ones that you should know, they are not easy answers to forget - unless you faked them.

They will also ask you a few things only you/your avatar will know.

All you can do now is just stay calm and wait.

 

[Chic Aeon 17,648]

You also need to remove the NAME in your post. That is against forum rules. 

[Fionalein 4,846]

Remove those pictures and the Avatar name - you can show them to the Lab but not to the pulic. Aven if your security question was lost - they have other ways to identify your the right owner. Do as Alwin and Callum suggested and wait till the weekend is over.

Edited July 22, 2018 by Fionalein

[kovaIerI 0]

omg sorry everyone.I have never done this before

 

[Fionalein 4,846]

17 minutes ago, jewels100 said:

omg sorry everyone.I have never done this before

 

No problem - your account doesn't happen to be hacked each day - it is a situation full of stress - we can somehow understand this I guess  Good luck in retrieving your account.

Edited July 22, 2018 by Fionalein

[LittleMe Jewell 36,777]

7 hours ago, Alwin Alcott said:

And please... not remembering your security question?... did your mum suddenly change her name? did the street where you grew up suddenly disasppear? your favorite pet?, tháts the kind of questions you had to give a answer for.

As a side note here, back in my early internet days, before I realized how critical those security questions were, I really did forget some answers.  I moved every 1.5 - 3.5 years as a child, so "the street you grew up on" has a few answers.  I've had dozens of pets in my life, but 3 of those were super precious to me - and sometimes I didn't always list the same one as my favorite.  "Your favorite movie?" - Well that can surely change over time.  Way way back then, when I gave answers to those types of questions, I thought the answers made sense and I'd always think of the same thing later, however I've had this account for roughly 11 years and if I had specified a favorite movie when I signed up, it would likely be different now.

To the OP, regardless of what happens, in the future try to pick questions where the answers are not forgetful or changeable -- and record the questions & answers somewhere secure.

[Madelaine McMasters 25,193]

1 minute ago, LittleMe Jewell said:

As a side note here, back in my early internet days, before I realized how critical those security questions were, I really did forget some answers.  I moved every 1.5 - 3.5 years as a child, so "the street you grew up on" has a few answers.  I've had dozens of pets in my life, but 3 of those were super precious to me - and sometimes I didn't always list the same one as my favorite.  "Your favorite movie?" - Well that can surely change over time.  Way way back then, when I gave answers to those types of questions, I thought the answers made sense and I'd always think of the same thing later, however I've had this account for roughly 11 years and if I had specified a favorite movie when I signed up, it would likely be different now.

To the OP, regardless of what happens, in the future try to pick questions where the answers are not forgetful or changeable -- and record the questions & answers somewhere secure.

I NEVER answer security questions with real information. Should such a database get hacked, my mother's maiden name, my first teacher (Mom, Dad was #2 and those were all I had until college) and a bunch of other stuff common to those stupid questions would be leaked, compromising many other accounts asking the same stupid questions. I have sent messages to organizations using those stupid questions, saying that I find them to be violations of privacy to which I will not submit. I make up answers based on the question and a simple rule, such as "last two words of the question plus the last four digits of pi (which only I know;-)".

[Alwin Alcott 11,426]

28 minutes ago, LittleMe Jewell said:

before I realized how critical those security questions were

however i do understand the privacy issues that could happen, the explanation "why" those questions are there always been clearly explained before you picked one.

Also when you don't give the real info, it's double wise to have sort of file/paper where you write down important info.
With all secure websites these days there is no way to keep all remembered.

[Callum Meriman 7,154]

16 minutes ago, Madelaine McMasters said:

I NEVER answer security questions with real information. Should such a database get hacked, my mother's maiden name, my first teacher (Mom, Dad was #2 and those were all I had until college) and a bunch of other stuff common to those stupid questions would be leaked, compromising many other accounts asking the same stupid questions.

This idea is being mentioned a lot recently, and it has merit although it also creates it's own issues. With the rise of geneology sites, hacked databases, farcebook, and phishing it's not hard to find out people's private details.

Trouble is, if you use such methods, you really do need a decent password manager so that the answers to questions you entered 15 years are still known. Especially if the company in question will not let you change the answers/questions.

Yes, you can do it using an algorithm, but again, over 15 years or 20 years.... will it hold water. (SL20B is in 2023)

Best would be if the lab allowed us to edit some of our personal details.

[LittleMe Jewell 36,777]

19 minutes ago, Madelaine McMasters said:

I NEVER answer security questions with real information. Should such a database get hacked, my mother's maiden name, my first teacher (Mom, Dad was #2 and those were all I had until college) and a bunch of other stuff common to those stupid questions would be leaked, compromising many other accounts asking the same stupid questions. I have sent messages to organizations using those stupid questions, saying that I find them to be violations of privacy to which I will not submit. I make up answers based on the question and a simple rule, such as "last two words of the question plus the last four digits of pi (which only I know;-)".

With all my worry about the information we all provide online and with places getting hacked every time we turn around, for some odd reason I never fully considered the special question part.  I do avoid the questions that seem like things anyone can easily find out - Mother's maiden name, son's middle name, wedding date, etc...   I have made up answers before -- and definitely kept them securely recorded, but there is usually no reasoning to my made up answers.  

 

3 minutes ago, Alwin Alcott said:

  the explanation "why" those questions are there always been clearly explained before you picked one.

Yes, but when we are young and stupid (yet thinking we know all).......................

 

[Rolig Loon 26,670]

53 minutes ago, Madelaine McMasters said:

I make up answers based on the question and a simple rule, such as "last two words of the question plus the last four digits of pi (which only I know;-)".

Good idea, but  ...... no, wait ..... what ARE the "last four digits of pi"?  The pi that I know and love just keeps on chugging out digits on the road to infinity.  Even the all-knowing and powerful Wikipedia doesn't know its last four digits.  Unless..... maybe you are a much smarter engineer than I thought.  

[Madelaine McMasters 25,193]

20 minutes ago, Callum Meriman said:

This idea is being mentioned a lot recently, and it has merit although it also creates it's own issues. With the rise of geneology sites, hacked databases, farcebook, and phishing it's not hard to find out people's private details.
I don't use online services that require personal information beyond what's necessary to conduct business (name, address, ph#, cc info, etc.)

Trouble is, if you use such methods, you really do need a decent password manager so that the answers to questions you entered 15 years are still known. Especially if the company in question will not let you change the answers/questions.
As an Apple customer, I get free use of the iCloud Keychain, which does a pretty good job (and gets better every year) of storing everything under two factor authentication.

Yes, you can do it using an algorithm, but again, over 15 years or 20 years.... will it hold water. (SL20B is in 2023)
If the last four digits of pi (which only I know ;-) change, remembering passwords will the the least of my worries.

All that said, my algorithm does break if the wording of the security questions changes. Way back when I developed a few websites for clients, I allowed people to craft their own security questions, gave the reasoning behind not asking them the standard questions, and offered suggestions for crafting questions that would tap their unique knowledge without divulging it.

[Rolig Loon 26,670]

1 hour ago, LittleMe Jewell said:

in the future try to pick questions where the answers are not forgetful or changeable -- and record the questions & answers somewhere secure.

The best approach I have run across (sadly, not on many sites) allows me to make up my own security question and then provide an answer to it.  I can run with a theme like that because I can come up with all sorts of obscure trivia that almost nobody else knows, and I will never forget.  "Where were you after lunch on November 22, 1963?"  "What's the engine number on the car that Dad sold in 1968?"  "What were you doing on top of Mt. Chocorua?"

[Madelaine McMasters 25,193]

13 minutes ago, Rolig Loon said:

Good idea, but  ...... no, wait ..... what ARE the "last four digits of pi"?  The pi that I know and love just keeps on chugging out digits on the road to infinity.  Even the all-knowing and powerful Wikipedia doesn't know its last four digits.  Unless..... maybe you are a much smarter engineer than I thought.  

I'm an engineer. I can get the job done well before taking things out to infinity. So, this becomes a matter of determining just how far I'll go.

Anybody who knows me wonders that.

;-).

[Madelaine McMasters 25,193]

1 minute ago, Rolig Loon said:

"What were you doing on top of Mt. Chocorua?"

...perks.

[Rolig Loon 26,670]

2 minutes ago, Madelaine McMasters said:

...perks.

Keep on perking.  I will never tell.  

[LittleMe Jewell 36,777]

12 minutes ago, Rolig Loon said:

The best approach I have run across (sadly, not on many sites) allows me to make up my own security question and then provide an answer to it.  I can run with a theme like that because I can come up with all sorts of obscure trivia that almost nobody else knows, and I will never forget.  "Where were you after lunch on November 22, 1963?"  "What's the engine number on the car that Dad sold in 1968?"  "What were you doing on top of Mt. Chocorua?"

^^ This -- I love websites that let me create my own questions.  I've even suggested in on websites before. 

My current job issues a laptop to everyone and it is encrypted. When a person is first hired and they are setting up their passphrase and such, they have to create 5 security questions and provide the answers.  I was surprised that we got to create our own questions - and then discovered that the company used the same approach on a few other secured systems in-house.

[Candice LittleBoots 1,194]

In my early days with computers I was always told to use an 8 character password.

I used:-  SnowWhite&the7dwarfs

boom-tish!

[Alwin Alcott 11,426]

1 hour ago, LittleMe Jewell said:

Yes, but when we are young and stupid (yet thinking we know all)......................

for me that was long before internet was here...

( the young part... the other somehow is still around ,..)

Edited July 22, 2018 by Alwin Alcott

[Nalates Urriah 5,805]

One of the security measures LL uses when recovering an account is asking you to list 10 or your SL friends. Which isn't too hard until you realize you have to spell the names perfectly.

Then there is the problem of whether the hacker knows that and will quickly change them.

I have written a list of 15 to 20 friends with their names properly spelled, just in case...

I personally like the names security question as the information is useless anywhere other than SL.

General security questions do present a security risk. I use different answers to the same questions on different sites. So, I have to write that information down.

We could just shoot all the bad guys and save ourselves a lot of hassle. I hear we can get a list from Santa...

[kovaIerI 0]

I asked and they said they don't use friends list as a verification method