
Account hacked and...


ZoeLeiSummers

A couple of days ago my other account was hacked. Someone bought gifts for people I don't know on the MP and drained my L$, then scheduled my account for deletion. I created a ticket and one of the Lindens got back to me yesterday asking my security question, which I answered. I tried to log in to the support site a few minutes ago to see if there were any updates and I can't log in. I knew my account had been suspended inworld but I was still able to log in to the support site. Now I can't do that and I have no idea what is going on or if I need to provide any more info. Has anyone had any experience with this? Is this normal?


First of all, I hope you learned a hard question. Don't ever, EVER click random links and log into it. Always check the address bar on your browser and read the URL and check the certificate of said URL. I know that's hindsight right now, but it's a lesson nonetheless.

You said you had contact with LL about this issue, I'm assuming you had your current email address on file in that account and checked if it's still the correct one? Also, when you had contact with LL you should have had an email about that. Don't quote me on that, but I do believe that email has information on how to keep in touch with them about this issue. I think you can even call LL, I think you can find the number on the website or Google.

  • Like 1

...or, they may just ban you.

I hope not, and I don't like to be the bearer of (potentially) bad news, but according to the Terms of Service we all agreed to, the owner of an account (you) is responsible for everything that is done with that account. In some cases, LL will simply assume that everything that happened was either due to your carelessness, or your deliberate choice to allow someone else access to your account. If the account was used to steal other accounts or commit fraud, they may just ban you, as being the simplest solution all around.

Sometimes, LL seems to have learned its judicial lessons from King Solomon.

Good luck, and I hope I am wrong.


25 minutes ago, ZoeLeiSummers said:

I know never to click unknown links or accept things from people I don't know. I have no idea how this happened.

Do you use the same password on any other account on the internet? Is your password somehow related to something anyone can find, like your name, birthday, pet's name, ex-GF, family names, etc.? You claim you were never phished. No one can figure out your password without some good clues, since it would take forever to guess your password otherwise, even if a password detector could guess it in 1,000 tries. Does Google Chrome password check reveal any compromised passwords, or weak passwords in the Autofill section? Usually your password is discovered rather directly, as in they phished you.

I remember one friend who wanted to be a model. She splashed her modeling photos on a dozen websites, including Facebook and in Second Life. Guess what her secret password was for most of her online accounts: model

And she wasn't even blond.

 

Edited by Jaylinbridges
  • Haha 7

8 hours ago, ZoeLeiSummers said:

A couple of days ago my other account was hacked. Someone bought gifts for people I don't know on the MP and drained my L$, then scheduled my account for deletion. I created a ticket and one of the Lindens got back to me yesterday asking my security question, which I answered. I tried to log in to the support site a few minutes ago to see if there were any updates and I can't log in. I knew my account had been suspended inworld but I was still able to log in to the support site. Now I can't do that and I have no idea what is going on or if I need to provide any more info. Has anyone had any experience with this? Is this normal

account is on the server side, right?

it means someone hacked the Linden server lol

  • Confused 6

2 hours ago, Kalegthepsionicist said:

account is on the server side, right?

it means someone hacked the Linden server lol

Absolutely incorrect. The most common way for an account to be compromised is through a phishing attack, in which the victim is directed to what appears to be an LL website, and enters their user name and password, giving it to the scammer.

  • Like 10

20 hours ago, Kalegthepsionicist said:

account is on the server side, right?

it means someone hacked the Linden server lol

wrong and wrong

account passwords are never stored in the "linden server".

They are encrypted in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

There - I crossed out the misinformation. My excuse was too much wine.

I still don't think the "linden server" was hacked - AWS would be in trouble.

Edited by Jaylinbridges
  • Haha 1

2 hours ago, Jaylinbridges said:

wrong and wrong

account passwords are never stored in the "linden server".

They are encrypted  in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

 

 

Interesting, so how do I log in from a different computer, one I install the viewer on and have no problem logging in from? And yes I have done that.

 

  • Like 2
  • Thanks 1

3 hours ago, Jaylinbridges said:

wrong and wrong

account passwords are never stored in the "linden server".

They are encrypted  in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

 

I don't know much about how that all works but seems to me the linden servers have to have passwords stored on them since I certainly input passwords to access the main page, marketplace and forums and obviously the viewers and/or browsers need to be able to compare my input to what Secondlife servers have on file. The hardware encryption as far as I can tell is only relevant on the S/L Viewer and the FS viewers. I have never had to redo my passwords on any other TPVs after a Windows update has changed the hardware configuration, nor have I needed to on any browser logins. It is in fact the browser saved password file I have to access to redo my Firestorm logins to be able to log back inworld. I don't get why the FS team nor the Lab bother with hardware encryption tbh.

 


11 hours ago, Kalegthepsionicist said:

account is on the server side, right?

it means someone hacked the Linden server lol

If someone had hacked the LL servers, you can bet that there would be more than one thread about accounts being compromised.  As Lindal said, either some sort of phishing was used or social engineering (someone knows enough about the person to guess their password).

 

3 hours ago, Jaylinbridges said:

wrong and wrong

account passwords are never stored in the "linden server".

They are encrypted  in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

 

Passwords will be stored, encrypted, on the LL Login server, typically in a database (and that does include servers/databases running in the cloud).  Otherwise, as mentioned above, nobody would ever be able to log in from a new computer.

Edited by LittleMe Jewell
  • Like 4

1 hour ago, Teagan Tobias said:

 

Interesting, so how do I log in from a different computer, one I install the viewer on and have no problem logging in from? And yes I have done that.

 

Why use two computers when you can log two accounts in on one computer using the same viewer?

 


Edited by Silent Mistwalker
  • Confused 1

11 minutes ago, Silent Mistwalker said:

Why use two computers when you can log two accounts in on one computer using the same viewer?

I took Teagan's comment to mean something like what I do:  My desktop at home and the laptop when I'm traveling.  Also, there is the issue of a person buying a new computer. 
i.e. The comment was more about Jaylinbridges' comment about only being able to log on because of an encrypted password file on our own computer (as opposed to the general idea of logging on two accounts from one computer)

If the only way we could log on was dependent on an encrypted password file on our own computer, nobody would ever get logged on to begin with.

 

Edited by LittleMe Jewell
punctuation
  • Like 2

8 hours ago, Lindal Kidd said:

Absolutely incorrect. The most common way for an account to be compromised is through a phishing attack, in which the victim is directed to what appears to be an LL website, and enters their user name and password, giving it to the scammer.

I don't think I would be so sure that the Linden servers are impregnable. A couple months ago my partner's account was hacked while she was out of town with no access to her computer. I saw her account log inworld and thinking she had returned home, jumped over to greet her. Already on seeing her I suspected something was amiss just by where she was on our parcel and her response to my greeting confirmed that this was not my partner. After 12+ years of being together, one has a pretty good idea of how the SO greets and talks. On challenging the person behind my partner's avi, the person jumped away and made the online status and location invisible to me. I phone texted my partner to confirm it was not her which she affirmed and because she didn't have access to a computer, she relayed her account password to me to change her password and stop the hacker. I logged in to her account, changed the password and then used a viewer to log her account inworld, thereby knocking the hacker off.

The password up to then was old and only moderately secure and so I replaced it with a stronger one that the S/L site said was good. Always a possibility that through the years her account may have been compromised but never used until that point but then it got interesting because after about 5 minutes or so of being logged into her account on the new password and just looking to see if anything was disturbed, I was suddenly logged out due to another viewer logging in. The hacker had within minutes gained access to the updated login information and logged back in. Other than accessing the S/L account page and the most up to date viewer, I had not been anywhere else, so no phishing attacks or questionable viewer. I immediately went back to the account page and this time put in a very strong password and used it to relog to her inworld account, again disconnecting the hacker who was still on it as I could see by my alt account my partner was also friends with. After that change there were no more logins from unknown sources but honestly don't know whether that was because they just thought it was not worth the bother to pursue it or because the password was too strong. As nothing was taken from the account and in my short conversation with the hacker it seemed the intent was more to just have some fun with the account than any real maliciousness, it still begs the question for me as to how they were able to get the second password in such a short period of time. Only myself, the viewer and the Linden site knew what it was.

There is a saying that the only companies that have not been hacked are those who don't know they've been hacked. I don't know if that was the case here or not but to say phishing or social engineering are the only ways an account can be compromised may be short-sighted and blinding ourselves to other avenues.

  • Like 1

19 minutes ago, Arielle Popstar said:

The hacker had within minutes gained access to the updated login information and logged back in.

Very puzzling. The only explanation I can think of was that they were still logged into the account page during the time you changed the password, but even that scenario is stretching it, how could they then log back inworld, etc.

I assume you got this episode to Linden Lab's attention.
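
Added illustration, not part of any post in this thread and not a description of Linden Lab's actual systems: a toy Python login service (every name and value is constructed) that keeps only a salted password hash on the server, which is why login works from any computer. It also plays out the lingering-session scenario raised just above, comparing a service that leaves older sessions alive after a password change with one that revokes them.

```python
import hashlib, hmac, os, secrets

class AccountStore:
    """Toy server-side login service; every name here is constructed."""
    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self.users = {}     # name -> (salt, password hash, credential generation)
        self.sessions = {}  # token -> (name, generation when the session was issued)

    @staticmethod
    def _hash(password, salt):
        # The server keeps a salted, slow hash of the password, never the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, name, password):
        salt = os.urandom(16)
        gen = self.users[name][2] + 1 if name in self.users else 0
        self.users[name] = (salt, self._hash(password, salt), gen)

    def login(self, name, password):
        salt, stored, gen = self.users.get(name, (b"\0" * 16, b"", 0))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, gen)
        return token

    def session_valid(self, token):
        name, gen = self.sessions.get(token, (None, None))
        if name is None:
            return False
        if self.revoke_on_change and gen != self.users[name][2]:
            return False  # issued under an older password: treated as dead
        return True

    def change_password(self, token, new_password):
        if not self.session_valid(token):
            return False
        self.set_password(self.sessions[token][0], new_password)
        return True

def demo(revoke_on_change):
    svc = AccountStore(revoke_on_change)
    svc.set_password("resident", "old-moderate-pw")     # constructed sample data
    stale = svc.login("resident", "old-moderate-pw")    # session opened before the change
    owner = svc.login("resident", "old-moderate-pw")
    svc.change_password(owner, "new-strong-passphrase")
    return {"old_password_works": svc.login("resident", "old-moderate-pw") is not None,
            "new_password_works": svc.login("resident", "new-strong-passphrase") is not None,
            "stale_session_alive": svc.session_valid(stale),
            "stale_session_can_reset": svc.change_password(stale, "someone-elses-choice")}
```

In both modes the old password stops working at once; only the service that ties sessions to the credential generation also shuts out the session that was opened before the change.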


55 minutes ago, LittleMe Jewell said:

I took Teagan's comment to mean something like what I do:  My desktop at home and the laptop when I'm traveling.  Also, there is the issue of a person buying a new computer. 
i.e. The comment was more about Jaylinbridges' comment about only being able to log on because of an encrypted password file on our own computer (as opposed to the general idea of logging on two accounts from one computer)

If the only way we could log on was dependent on an encrypted password file on our own computer, nobody would ever get logged on to begin with.

 

 

Yes, it's a different computer on my desk. I loaded Mint 20.1 to play with on an old computer to see how SL ran on that computer, ran fine, I use 19.3 on my desktop. So different computer and different OS and no problem logging in to SL.

 


11 minutes ago, Profaitchikenz Haiku said:

Very puzzling. The only explanation I can think of was that they were still logged into the account page during the time you changed the password, but even that scenario is stretching it, how could they then log back inworld, etc.

I assume you got this episode to Linden Lab's attention.

I wondered if, assuming there are multiple login servers, they did not all update immediately on my changes and the hacker was able to log in via the older password.

  • Like 1