Sign in to follow this  
Followers 0
Nicolette Lefevre

Client-Data leaks from LL !!!

60 posts in this topic

I just got two spam-emails to email-addresses that I use for my SL-accounts. One of these email-addresses I ONLY used with that SL-account and for nothing else. So nobody but LL should know that address.

Yet not only did a spammer got to know that address (nicole9h47c4@[somedomain.de]), the spam-mail was also personally addressing me with my RL first name.

Nobody but LL (aside from me myself) should possibly have that email-address and first-name information!

LL, you are leaking your clients' data!!! Either somebody stole that data from you or you yourself sold it to the spammer. Either way: STOP THAT! Or I will stop giving you my money. Which in May alone amounted to about 1500 US$.

And what also disturbs me a lot is that out my 8 SL-accounts (each with a different email-address), the two which got their email-addresses spammed are the ones for which I spend the most money. And the spam-mails were for an online-casino. Coincidence? Maybe. But maybe not...

 

-- Nicolette Lefevre

(who has already changed her SL-passwords and starts to read up on OpenSim now)

 

Share this post


Link to post
Share on other sites

Are you sure?  Spammers mail millions of addresses at a time.  Some of the addresses they mail aren't actual email addresses at all, it's like a  guessing game, but some of the addresses will turn out to be actual people's email addresses.  They hit enough of those to make it worthwhile to them, i guess. 

AFAIK, you can't stop the spammers sending to you;  you can only make use of the filter tools provided by your mail client. .  

As an example, i started up a Live Journal for my cat some years back.  Cat had his own email address soley for Live Journal notifications (not a LiveJournal email address).   A couple of months down the line and cat's email account was being spammed mercilessly.  I was convinced that this couldn't happen, but it did.  Even with having our own mail server in the shed, it happened.

I wouldn't be so quick to blame LL if i were you.

 

Share this post


Link to post
Share on other sites

Actually, the email provider also knows your email address, and probably your full name.

Share this post


Link to post
Share on other sites

Yes, I am sure. Did you see the email-address that I mentioned? nicole9h47c4@[somedomain.de]. How is a spammer going to find that out by try-and-error? And how is that spammer going to know my RL first-name, which is NOT Nicole? :-)

And why are none of my other email-addresses spammed? I have dozens. I use a different email-address for every account that I create on any website.

I am 100% sure that LL is the ONLY possible source for my data.

 

Share this post


Link to post
Share on other sites


Medhue Simoni wrote:

Actually, the email provider also knows your email address, and probably your full name.

Doesn't apply here as I host the mail-server myself. And yes, I know how to keep the mail-server secure.

 

Share this post


Link to post
Share on other sites

I'll escalate but I can assure you we do not sell our customers email addresses.

Share this post


Link to post
Share on other sites


Blondin Linden wrote:

I'll escalate but I can assure you we do not sell our customers email addresses.

Thanks for the quick response!

 

Share this post


Link to post
Share on other sites

If there is a leak at LL's end, other residents should be getting spammed too. I also use the same system that you do and create a different email address for each site. It's pretty easy to tell who's leaking your info that way. As of yet, I haven't seen any spam from my LL email addresses.

Share this post


Link to post
Share on other sites

Just out of curiosity, do you have SL IMs from that account set to forward to email?   If so, I would assume you'd never deliberately reply via email to such an IM, but we all make mistakes.  I believe SL doesn't include your email when it forwards such a reply, but it's been a couple of years since I've done that.

It seems more likely that the address and info were stolen, rather than being deliberately sold (or given).  In theory, they could be stolen from anywhere in the chain.  Certainly a security breach on LL's systems is a possibility, as is one on your server, your mail client, and anywhere in between.  I accept that you know how to secure your mail server, I'm sure LL will say the same thing, and between, you, LL, and RSA, I would have bet on RSA (a world-renown security company) being the most secure - but they've been hacked.  SL's servers are presumably a much bigger target than yours, but I wouldn't bet anything anymore on where the leak might be.

Share this post


Link to post
Share on other sites


Randall Ahren wrote:

If there is a leak at LL's end, other residents should be getting spammed too. I also use the same system that you do and create a different email address for each site. It's pretty easy to tell who's leaking your info that way. As of yet, I haven't seen any spam from my LL email addresses.

So far all spam-mails to these addresses have been in German. So they are at least targeted geographically. And only 2 of my 8 SL-accounts are affected.

Share this post


Link to post
Share on other sites


Kidd Krasner wrote:

Just out of curiosity, do you have SL IMs from that account set to forward to email?   If so, I would assume you'd never deliberately reply via email to such an IM, but we all make mistakes.  I believe SL doesn't include your email when it forwards such a reply, but it's been a couple of years since I've done that.

It seems more likely that the address and info were stolen, rather than being deliberately sold (or given).  In theory, they could be stolen from anywhere in the chain.  Certainly a security breach on LL's systems is a possibility, as is one on your server, your mail client, and anywhere in between.  I accept that you know how to secure your mail server, I'm sure LL will say the same thing, and between, you, LL, and RSA, I would have bet on RSA (a world-renown security company) being the most secure - but they've been hacked.  SL's servers are presumably a much bigger target than yours, but I wouldn't bet anything anymore on where the leak might be.

Yes, I have IMs forwarded to email. And no, I have never replied to any of those via email.

But I agree that the leak can be anywhere between LL and me. And that it is MUCH more likely the data was stolen than sold by LL. I'm sure the data didn't leak on my side. But even if it didn't happen directly at LL, it did happen somewhere between LL and me (maybe at some outsourcing partner of LL), and that still makes it LL's responsibility IMO.

Share this post


Link to post
Share on other sites

Are they definately spam or are they from Operations Department at Cassava Enterprises (Gibraltar) Ltd.?

If so a few people have had those and I`m not sure they are spam. The others were advised to contact support.

Share this post


Link to post
Share on other sites


Peewee Musytari wrote:

Are they definately spam or are they from Operations Department at Cassava Enterprises (Gibraltar) Ltd.?

If so a few people have had those and I`m not sure they are spam. The others were advised to contact support.

No mentioning of anything about Cassava Enterprises or Gibraltar. The sender-domain seems to be registered in Belgium and the server that actually sent the emails seems to be located in Phoenix, Arizona. The online-casino that was referred to in the spam has its domain registered with an address in Belize.

 

Share this post


Link to post
Share on other sites


Nicolette Lefevre wrote:


Peewee Musytari wrote:

Are they definately spam or are they from Operations Department at Cassava Enterprises (Gibraltar) Ltd.?

If so a few people have had those and I`m not sure they are spam. The others were advised to contact support.

No mentioning of anything about Cassava Enterprises or Gibraltar. The sender-domain seems to be registered in Belgium and the server that actually sent the emails seems to be located in Phoenix, Arizona. The online-casino that was referred to in the spam has its domain registered with an address in Belize.

 

Ahh, ok thats not the same ones as the others.

I wouldn`t be happy either getting those to an email address I knew was SL only.

Share this post


Link to post
Share on other sites

 


Blondin Linden wrote:

I'll escalate but I can assure you we do not sell our customers email addresses.

Another person has now reported getting the same spam-mail. This too was to an address that has only been used for SL. That report was in a thread that I started a few days ago in the German part of this forum:

http://community.secondlife.com/t5/Deutsches-Forum/Spam-Emails/td-p/883955/page/2

In that case however the spam-mail did NOT get the RL first-name right.

Share this post


Link to post
Share on other sites

I've also recieved e-mail to the account I use for SL. The leak is either from LL or whatever company LL uses to process European credit card transactions.

The e-mail was adressed using the full name of the credit card holder kind enough to let me use her card. That card has NEVER been used in conjunction with my e-mail except with LL.

Again, the mail was for an online gambling service. I never even visited any site of that type but it now seems I can gamble with someone elses data, and cash, just by buying $L's.

Get this sorted out ASAp or take the 'S' from the 'HTTPS' address as it's blatantly NOT secure.!

Share this post


Link to post
Share on other sites


Numpty Mistwallow wrote:

I've also recieved e-mail to the account I use for SL. The leak is either from LL or whatever company LL uses to process European credit card transactions.



Ah, the plot thickens. I checked my email archive and found two more spam-mails from the same sender. Those were to another Alt of mine. Also one with an email-address only used for SL. I only used my credit-card once for that account in early November 2010. Received the spam-mails on April 8th and 14th this year. One of those was for the same online-casino mentioned in today's spam. None of those emails included my first-name.

One of the two accounts which got spammed today had CC-transactions in late November 2010 and in 12/2010 and the other one also in late November 2010, 12/2010, 02/2011 and this month.

So going from this info it could be that last month's spam originated from my early-November 2010 CC-transaction while this month's spam was caused by CC-transactions from late-November 2010 or December 2010.

I have another Alt for which I used my CC once in early January 2011 which has NOT gotten any spam-mail so far. Maybe that one will get spammed next month. Would almost fit-in with the other data. We'll see... :-)

Share this post


Link to post
Share on other sites

 


Numpty Mistwallow wrote:

I've also recieved e-mail to the account I use for SL. The leak is either from LL or whatever company LL uses to process European credit card transactions.

The e-mail was adressed using the full name of the credit card holder kind enough to let me use her card. That card has NEVER been used in conjunction with my e-mail except with LL.

Again, the mail was for an online gambling service. I never even visited any site of that type but it now seems I can gamble with someone elses data, and cash, just by buying $L's.

Get this sorted out ASAp or take the 'S' from the 'HTTPS' address as it's blatantly NOT secure.!

LMAO!! Sorry sorry, NOT laughing at the situation. Just a stickler for small details and imagining a tiny man with a hugemungous hammer running up and destroying the 'S', followed by a collective moan from the unseen audience :smileyvery-happy:

Share this post


Link to post
Share on other sites

addressed to a card holder, from an online gambling site you say..... actually that does have my attention now.

I suspect the source of the leak would be the company that handles non-us payments to LL.

does one have to agree to a separate terms of service when using that company? if so, LL may actually be a victim here too... depending on their contract agreement with that company. or they may be an unwitting accomplice. this could get very interesting, very fast.

 

Share this post


Link to post
Share on other sites

As of now..yes. Eventually (as said in the ToS, LL will charge about 5 usd for every extra account per household)

Share this post


Link to post
Share on other sites

"We can have 8 accounts?"

 
"As of now..yes. Eventually (as said in the ToS, LL will charge about 5 usd for every extra account per household)"
 
 
Question? - How would LL determine a "household"?  My roommate & I live in the same house, but we each have our own computers & finance our use of SL independently.  Sometimes my boyfriend stays over too.  All 3 of us could be on SL at the same time, but we're not all in the same "household".  We each have at least one alt, .so how is SL going to determine when we have too many? 
 
Here's another scenario, what if there were several SL users living in the same college dorm?  What would their "household" be then?

Share this post


Link to post
Share on other sites


Void Singer wrote:

addressed to a card holder, from an online gambling site you say..... actually that does have my attention now.

I suspect the source of the leak would be the company that handles non-us payments to LL.

does one have to agree to a separate terms of service when using that company? if so, LL may actually be a victim here too... depending on their contract agreement with that company. or they may be an unwitting accomplice. this could get very interesting, very fast.

 

I must say I agree, can it be a coincidence that Cassava Enterprises (Gibraltar) Ltd operates Pacific Poker and is a member of the Interactive Gaming Council?  Even though the OPs emails haven`t come direct from Cassava, I wouldn`t be suprised if the leak originated there.

Share this post


Link to post
Share on other sites

As I understand it from a discussion in the old forum, they look at IP, email address, and other things. I don't think its possible to get a list of criteria they use to decide whether another account can be registered.

@Thread. Regarding the spam. Is it only europeans (or non-us people) who have been receiving these emails? And has the spam only been sendt to people with CC as payment info? [EDIT] Wondering this since it was mentioned that other have received spam emails not necessarily related to the mails the OP has received.

- Luc -

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0