Nicolette Lefevre

Client-Data leaks from LL !!!


I doubt your receipt of spam is at all linked to Linden Lab. Spammers have numerous routes to discover your name (and other personal info) from any email address. They have their methods, it's just a matter of connect the dots across the interwebs.

I love gmail cause I never see spams unless I look in my Spam folder. Gmail is very good at detecting spams, unlike other email services I have tried.

Yes my spam folder is always very full of new material so Gmail spam filter does its job nicely :matte-motes-bashful-cute:

Ooh just noticed my postcount is 666... how devilish :matte-motes-evil:



WADE1 Jya wrote:

I doubt your receipt of spam is at all linked to Linden Lab. Spammers have numerous routes to discover your name (and other personal info) from any email address. They have their methods, it's just a matter of connect the dots across the interwebs.

I received the spam on 3 different email-addresses. 2 of those have never been used for anything but SL. Both of these 2 can NOT be found out by try-and-error. For example my email-address for the Nicolette-account is nicole9h47c4@[somedomain.de]. The other one is similarly constructed. I host the mail-server for all the spammed addresses myself, so there also is no email-provider who could have given a spammer these addresses. There simply is NO way a spammer should even have the email-addresses. Because as I said two of those addresses have never been used for anything beside SL.



WADE1 Jya wrote:

I doubt your receipt of spam is at all linked to Linden Lab. Spammers have numerous routes to discover your name (and other personal info) from any email address. They have their methods, it's just a matter of connect the dots across the interwebs.

Please tell us two or three of those "numerous methods" that you claim to be aware of because I have a feeling you have no idea what you are talking about.


One "numerous method" is to simply harvest the email addresses and other personal right out of your own computer as a result of a breach by a trojan or other drive-by infectious malware.


Thanks for raising this issue with us. Protecting our users’ privacy is of the utmost importance to Linden Lab. Based on our investigation, we have determined that the spam was not the result of a security breach or our billing partner selling Second Life users’ data to any third-party.

So, what happened? Unfortunately, it looks to be a case of email addresses collected by spyware, which can happen via a third-party application or website. The advertised site is not a property of Linden Lab or any of our partners. More information about this type of activity, and how email addresses are obtained through third-party software or websites, can be found here.

Again, big thanks for bringing this to our attention. 


email or other profiles including them.... biggest source of harvesting on the planet (gmail, yahoo, facebook, etc ad nauseam)

domain contact information, every time you post your email in a public place, various background check services, the list goes on and on and on.... and those are just the legit sources

 

 


Jinx FJ - I mentioned drive-by malware first *laugh* Time to insert another PSA on the dangers of Windows and Internet Exploder and how it is a favorite attack vector. Then, a PSA for http://browserspy.dk which shows just how much information your browser reveals about you. Follow that with an ad for Firefox 4 with NoScript and the extensive list of web-based attack types NoScript protects against. Next an ad for Shields Up at GRC https://www.grc.com/x/ne.dll?bh0bkyd2 shows how open your computer is to direct attack from the Internet if you are not using a firewall, NAT filter, or similar connection tool. Then, let's have a late-night infomercial for the benefits of running Privoxy and Tor for the tin-foil hat crowd. This concludes our Internet security programming day. Cue the Star Spangled Banner music now over a waving flag infographic.



FJ Linden wrote:

Thanks for raising this issue with us. Protecting our users’ privacy is of the utmost importance to Linden Lab. Based on our investigation, we have determined that the spam was not the result of a security breach or our billing partner selling Second Life users’ data to any third-party.


So, what happened? Unfortunately, it looks to be a case of email addresses collected by spyware, which can happen via a third-party application or website. The advertised site is not a property of Linden Lab or any of our partners. More information about this type of activity, and how email addresses are obtained through third-party software or websites, can be found here.


Again, big thanks for bringing this to our attention.


This is BS for several reasons:

1) I received these spam-emails to 3 addresses used for SL. 2 of these are ONLY used for SL. And NONE of my other email-addresses received these spam-emails and I have dozens of addresses. One for each account on some website or other. As I said NONE of these other email-addresses received the spam. It is highly unlikely (though admittedly not impossible) for a spyware to randomly get just 3 addresses that are known to SL and none of the others. If my math is correct then the statistical probability for this is about 0.3%. (8 out of my total of 50-60 email-addresses are known to SL)

2) I know how to take care of my computer-security. I have 20+ years of experience as an IT-professional (programmer and webserver-administrator). NEVER in all those years have I had a virus/spyware on my computers. I use Firefox with Noscript-plugin to keep Java, Javascript and Flash disabled for almost all websites except trustworthy ones. BTW: Stop putting Javascript on s3.amazonaws.com as it forces me to enable Javascript for all of amazonaws.com. This is a security-hole waiting to be exploited. I already posted about this over a year ago when you first started doing this.

3) The fact that the advertised sites don't belong to LL or some partner of LL doesn't prove anything. Only a very, VERY stupid spammer would make it that easy for you.

4) We are not just talking about email-addresses here. We are also talking about RL-data associated with the email-addresses. In my case the spammer knew my RL-firstname. In one case reported by someone else it was the combination of an email-address used ONLY for SL and the full RL-name of the credit-card holder used for that account which was NOT identical with the user's RL-name. I don't see how any spyware could connect these two pieces of information.

In conclusion: Linden Lab, KEEP LOOKING!!! You are leaking this information *somewhere*.

 



Allen Kerensky wrote:

Jinx FJ - I mentioned drive-by malware first *laugh* Time to insert another PSA on the dangers of Windows and Internet Exploder and how it is a favorite attack vector. Then, a PSA for http://browserspy.dk which shows just how much information your browser reveals about you. Follow that with an ad for Firefox 4 with NoScript and the extensive list of web-based attack types NoScript protects against. Next an ad for Shields Up at GRC https://www.grc.com/x/ne.dll?bh0bkyd2 shows how open your computer is to direct attack from the Internet if you are not using a firewall, NAT filter, or similar connection tool. Then, let's have a late-night infomercial for the benefits of running Privoxy and Tor for the tin-foil hat crowd. This concludes our Internet security programming day. Cue the Star Spangled Banner music now over a waving flag infographic.

Thanks for proving my point just before I posted my reply to FJ. :-)

I do use Firefox 4 with Noscript. Mostly on a Mac, but some on Windows (but always with FF4+Noscript, NEVER with Internet Explorer). And I am behind a NAT. With firewall running both on my Mac and Win7.

This is why I do not believe for a second that this is caused by spyware.

 


Yeah I am not buying the spyware explanation. Not if everything the OP said is true about the security measures she takes... I have no reason not to believe her.


How does a spyware collect an email address if it's just used for SL and basically never touched? Answer: It can't.


Recommend you speak to your legal team under the assumption your third party, foreign company does what so many companies do - sell email addresses under the table out the back door to make ends meet.


FJ,

I have started receiving spam since a month, more or less, on the email account I use for SL. I never ever use this account for anything else but SL, and only a few trusted people have it. Whenever I join some service on the web I always use an alias email address with the name of the web site or service in it, so that I can easily identify which web site or service has sold or is using the address to spam. Also, it's easy for me to block the alias. So, something is amiss here.

In addition, like Nicolette, between real accounts and aliases I use literally hundreds of email addresses on a domain that I specifically registered for my activities on Second Life. Guess which one is the only one receiving spam? My main account that I never use on the web. And as Nicolette I also have 20+ years working as an IT professional.

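The per-service address scheme described in the posts above, as an added sketch that is not code from any poster or from Linden Lab: each service gets one address with an unguessable tag, and spam recipients are mapped back to the service that was given that address. The key, domain, service names and sample recipients are constructed assumptions.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed placeholders (assumptions, not values from the thread).
SECRET = b"constructed-demo-key-keep-offline"
DOMAIN = "mail.example.org"
_CANARY = re.compile(r"([a-z0-9]+)-([0-9a-f]{10})@" + re.escape(DOMAIN))


def canary_address(service: str) -> str:
    """Return the single address handed to `service`.

    The tag is a truncated HMAC of the service name: not guessable by
    dictionary attack, and re-derivable later without a lookup table.
    """
    name = service.lower()
    if not re.fullmatch(r"[a-z0-9]+", name):
        raise ValueError("service name must be alphanumeric")
    tag = hmac.new(SECRET, name.encode(), hashlib.sha256).hexdigest()[:10]
    return f"{name}-{tag}@{DOMAIN}"


def attribute(recipient: str):
    """Map a spam recipient to its issuing service, or None if the address
    was never issued (guessed tag, catch-all probe)."""
    m = _CANARY.fullmatch(recipient.strip().lower())
    if not m:
        return None
    service = m.group(1)
    genuine = hmac.compare_digest(canary_address(service), m.group(0))
    return service if genuine else None


def leak_report(spam_recipients, issued_services):
    """Count spam per issuing service and list the untouched controls."""
    hits, unattributed = Counter(), []
    for rcpt in spam_recipients:
        service = attribute(rcpt)
        if service in issued_services:
            hits[service] += 1
        else:
            unattributed.append(rcpt)
    clean = sorted(set(issued_services) - set(hits))
    return {"hits": dict(hits), "clean": clean, "unattributed": unattributed}


if __name__ == "__main__":
    issued = ["secondlife", "forum", "shop", "registrar"]  # constructed
    spam = [canary_address("secondlife")] * 2 + [
        "secondlife-0000000000@" + DOMAIN, "info@" + DOMAIN]  # constructed
    print(leak_report(spam, issued))
```

Hits confined to one service's address, while the other issued addresses on the same machines and mail server stay in the `clean` list, is the pattern the posters describe.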

No, see the update to my post.

I use a specific domain that I have registered for my SL activities. I have 5 accounts and 192 aliases under this domain. I never use my email accounts to join anything on the web, while each of the aliases is a registration to some web site. The only email address receiving spam is my main account. I have been receiving regular spam from the email address costacrociere@trilogypacesetter.com, and possibly more.

UPDATE: have a look at the screen cap of the latest email spam I received. What is interesting to note about it is that the content is in Italian and it advertises an Italian cruising line. The links at the bottom lead to a domain that has a reference to the UK. The text in the green box says that I receive the email because I have subscribed to the Intela's newsletter. I have no idea what Intela is and as I explained before I never use my main account to subscribe or join anything.

Considering that my domain is registered with a US registrar and that the nationality and address of the registrant is hidden, this means that trilogypacesetter.com not only has my email address but also my nationality.

spam.jpg


I was all set to agree with the OP, and was typing a response about the improbability of the spyware explanation, and then I got to thinking about it, specifically about the probabilities around this:


Nicolette Lefevre wrote in part:

1) I received these spam-emails to 3 addresses used for SL. 2 of these are ONLY used for SL. And NONE of my other email-addresses received these spam-emails and I have dozens of addresses. One for each account on some website or other. As I said NONE of these other email-addresses received the spam. It is highly unlikely (though admittedly not impossible) for a spyware to randomly get just 3 addresses that are known to SL and none of the others. If my math is correct then the statistical probability for this is about 0.3%. (8 out of my total of 50-60 email-addresses are known to SL)

It doesn't have to be random.  The spyware may only be collecting information from Dragonfish/888.com-related sessions and nothing else -- especially if the whole purpose is to pump online casino ads to recipients who might likely be interested in online gambling.

The problem with this explanation is that it still requires that the computers that supplied the compromised information were in fact infected with some pretty elaborate spyware.  Seems to me that it would have to be either a keylogger or something running internal to the browser, to see the pre-SSL-encrypted data.  Either that, or the breach is, as the OP suggests, at the other end of that SSL pipe, inside Dragonfish.

Whether the leak is from Dragonfish or from spyware that targets 888.com-related properties, one would expect other businesses who use Dragonfish to have gotten complaints from their customers.  Exploring that possibility might be worth some CFO-to-CFO backchannel phone calls.



Indigo Mertel wrote:

UPDATE: have a look at the screen cap of the latest email spam I received. What is interesting to note about it is that the content is in Italian and it advertises an Italian cruising line. The links at the bottom lead to a domain that has a reference to the UK. The text in the green box says that I receive the email because I have subscribed to the Intela's newsletter. I have no idea what Intela is and as I explained before I never use my main account to subscribe or join anything.

Considering that my domain is registered with a US registrar and that the nationality and address of the registrant is hidden, this means that trilogypacesetter.com not only has my email address but also my nationality.

 

I don't know if your mail-server is located in Italy or somewhere else. It's pretty easy to find out where an IP-address is located. There are free databases with IP-address-ranges and the country they belong to. I use this myself for my website to better target ads, and it takes less than a millisecond to translate from IP-address to country. So if your mail-server is located in Italy the spammer could simply use that info and send the email accordingly.

I'm not saying that the spammer did NOT get your nationality by illegal ways. I'm just saying that this is not necessarily the case.


Nicolette, you are right. I drew conclusions too fast and I didn't think about that. But there are still valid reasons to think that some outsourced company has either leaked or sold private data. I haven't checked other spam I have received, I'll keep an eye on that.



FJ Linden wrote:

So, what happened? Unfortunately, it looks to be a case of email addresses collected by spyware, which can happen via a third-party application or website.


FYI, just in order to remove any possible doubt I checked all my computers at home today. Did a full scan with Microsoft Security Essentials on my Windows7 machine and with Bitdefender on my two Macs. All 3 machines checked-out fine. No malware of any kind. Tomorrow I will check my PC in the office as well (today is a holiday here), but I have every confidence that that machine will be fine too as it has been running Microsoft Security Essentials like my other Windows computer, with a weekly scan of all files and no malware has ever been found on that machine.

So, like I already said in my earlier reply: Keep looking!!! This is NOT caused by spyware!

 


you let images display? well of course they know your nationality... it's not as if half the web doesn't use geolocation to feed content.

and while I'm not saying that LL or their affiliates are not the source, registrars may hide the whois info, but they are notoriously insecure, and have often been party to selling off information. and stupidly pointing to the base email account as a website contact point. there are plenty of places that could have leaked at this point.

and really? MS Essentials ::shudder::


I think if you check the default privacy setting for profiles in Viewer2 (i.e., set to "Everyone" by default) that you will have an epiphany about policy.



Void Singer wrote:

and really? MS Essentials ::shudder::


Try some Google searches for "false alarm" in combination with "bitdefender", "kaspersky" or "f-secure" and you know why I will not put any of those on my computer. Antivirus is there to protect my computer. Not to render it unusable because of a false alarm.

Security is more about what you do and how you do it than about what antivirus-software you have running. Over the years I have tried various antivirus-software. Never have I actually needed it to protect me. When I get an email with an attached .exe or .pif I don't need antivirus-software to tell me that I just received a virus. Same goes for attached .doc with something like "look at this!" in the email text. And running Firefox with Noscript-plugin helps to keep you safe while websurfing.

Looking back I could even have gone without *any* antivirus and my computer would still be malware-free. Simply because I know what to do and - more importantly! - what NOT to do.

MSE is plenty good enough without being a resource-hog like the "big" antivirus solutions.


I used to think Microsoft Security Essentials was good until I ran Malware Bytes and it found some trojans that MSE had missed. Then someone suggested I try Avast and it found some stuff that Malware Bytes had missed.

