
Account hacked and...


ZoeLeiSummers

22 hours ago, ZoeLeiSummers said:

A couple of days ago my other account was hacked. Someone bought gifts for people I don't know on the MP and drained my L$, then scheduled my account for deletion. I created a ticket and one of the Lindens got back to me yesterday asking my security question, which I answered. I tried to log in to the support site a few minutes ago to see if there were any updates and I can't log in. I knew my account had been suspended inworld but I was still able to log in to the support site. Now I can't do that and I have no idea what is going on or if I need to provide any more info. Has anyone had any experience with this? Is this normal?

This was an issue during the spring and summer. Quite a few resellers were getting hit. It seems it is starting up again.


5 hours ago, Jaylinbridges said:

wrong and wrong

account passwords are never stored in the "linden server".

They are encrypted in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

@Teagan Tobias @Odaks

Several things happen to your password when you log in, and slightly different things happen based on where you log in (viewer vs browser).

On the viewer:

  • Your password is first encrypted with MD5 on your own computer.
    • If your password is "password" then your computer will create this text: $1$5f4dcc3b5aa765d61d8327deb882cf99
  • That bit of text will be sent to LL's login server, along with other things like your username (plain text), some information about your viewer, and where you're going to appear in-world.
  • If your viewer has the "remember me / save password" option enabled, the viewer will also store some kind of encrypted file (which probably includes your username, password, and grid) somewhere on your computer.

On the browser:

  • Your password is first encrypted on your own machine, either exactly the same way as the viewer, or using some other encryption method.
  • Your login info will be sent to LL's login server.
  • If your browser has the "remember me / save password" option enabled, the browser (or an extension) will store some kind of encrypted file somewhere on your computer.

On the LL server:

  • When you create an account or change your password, it's encrypted once and stored on LL's server. They need this information to check your password in the future, but no one should be able to know the password you typed in because the encryption is one-way. They don't need to know the original input.
  • Your attempted password (which arrives encrypted) will be compared against the stored encryption. If they are identical, the original information you entered is identical, and you're allowed to log in.
  • No sane database uses reversible encryption for passwords, so no "keys" are involved.

TLDR: Your password is absolutely stored on LL's servers. It's also encrypted on your computer every time you press the "log in" button. It's only stored on your computer if you've chosen to.

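Wulfie's description of the viewer-side token and the server-side check, as an added example that is not part of the original post: the `$1$` + MD5 token format and the value for "password" come from the post, while the server-side salted PBKDF2 storage is an assumed design that illustrates one-way storage, not a description of LL's actual code.

```python
import hashlib
import hmac
import os

# Client side: the viewer never sends the typed password. It sends "$1$" followed by
# the hex MD5 of the password, which for "password" is the string shown in the post.
def viewer_password_token(password: str) -> str:
    return "$1$" + hashlib.md5(password.encode("utf-8")).hexdigest()

# Server side (assumed design, not LL's real code): the token it receives is all a
# login needs, so it must never be stored as-is. Keep only a salted, slow, one-way
# hash of it; the original password is never known and never needed.
ITERATIONS = 200_000  # assumed work factor

def make_record(token: str) -> dict:
    """Create the stored record for an account at signup or password change."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", token.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": ITERATIONS}

def verify(record: dict, token: str) -> bool:
    """Re-derive the digest from the presented token and compare it to the stored one."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", token.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison so response timing reveals nothing about the digest.
    return hmac.compare_digest(candidate, record["digest"])

if __name__ == "__main__":
    token = viewer_password_token("password")
    print(token)                                             # $1$5f4dcc3b5aa765d61d8327deb882cf99
    record = make_record(token)
    print(verify(record, viewer_password_token("password")))  # True
    print(verify(record, viewer_password_token("Password")))  # False
```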

2 minutes ago, Silent Mistwalker said:

There is only one authentication server. Only one is needed.

Maybe, but considering 50,000 accounts logging in and out, it could be a bit of a strain on just one server machine, never mind that at the very least I would assume there are backup servers in case of failure.


Just now, Arielle Popstar said:

Maybe, but considering 50,000 accounts logging in and out, it could be a bit of a strain on just one server machine, never mind that at the very least I would assume there are backup servers in case of failure.

The authentication server is not a machine, it is software.


14 minutes ago, Arielle Popstar said:

Well then maybe you can suggest how a good password was hacked within 5 minutes.

To be fair, you have no idea what happened.

The likelihood that there's a rogue hacker out there who's willing and able to break into company databases and cherry-pick individual accounts is extremely low. If someone was able to break into LL's servers (and they have, 660K accounts were compromised in September 2006), they'll grab everything they can and we'd all hear about it (because LL is legally obligated to tell us).

Most likely, the password was acquired some other way. Probably either phished directly or leaked through another data breach somewhere else (which is why reusing passwords is bad practice, even if they are strong). Less likely things are keyloggers/viruses, stolen login-sessions, and blind guesses.

Edited by Wulfie Reanimator

41 minutes ago, Arielle Popstar said:

Well then maybe you can suggest how a good password was hacked within 5 minutes.

 

28 minutes ago, Wulfie Reanimator said:

To be fair, you have no idea what happened.

The likelihood that there's a rogue hacker out there who's willing and able to break into company databases and cherry-pick individual accounts is extremely low. If someone was able to break into LL's servers (and they have, 660K accounts were compromised in September 2006), they'll grab everything they can and we'd all hear about it (because LL is legally obligated to tell us).

Most likely, the password was acquired some other way. Probably either phished directly or leaked through another data breach somewhere else (which is why reusing passwords is bad practice, even if they are strong). Less likely things are keyloggers/viruses, stolen login-sessions, and blind guesses.

Wulfie said it for me.


1 hour ago, Arielle Popstar said:

Maybe, but considering 50,000 accounts logging in and out, it could be a bit of a strain on just one server machine, never mind that at the very least I would assume there are backup servers in case of failure.

If there are multiple login servers, they will be defined in some sort of cluster such that they are ALWAYS kept in sync.  


3 hours ago, Arielle Popstar said:

I don't think I would be so sure that the Linden servers are impregnable.

I didn't say they were. I said "The most common way for an account to be compromised" is phishing.  Way back around 2005-06 LL's servers got hacked and a ton of encrypted credentials were stolen. However, it appears that the thieves never managed to decrypt them. Your story is disturbing, and (I hope) remains a very rare occurrence.


1 hour ago, Wulfie Reanimator said:

Probably either phished directly or leaked through another data breach somewhere else (which is why reusing passwords is bad practice, even if they are strong). Less likely things are keyloggers/viruses, stolen login-sessions, and blind guesses.

My previous posts already pointed out that it was 5 minutes between changing to a new password and getting logged out by a viewer from another source, i.e. a hacker. I did not visit any phishing sites in the meantime, and the only database that could have been breached that had the password was the SL one, which is what allowed me to log in. Brand new randomly generated password, never used anywhere else. Does copy/paste work for keyloggers, and even if so, how would they have been able to pin down the location from which the password was changed, as it was an ocean away from my partner?

Thinking there must be something else.


11 minutes ago, Lindal Kidd said:

I didn't say they were. I said "The most common way for an account to be compromised" is phishing.  Way back around 2005-06 LL's servers got hacked and a ton of encrypted credentials were stolen. However, it appears that the thieves never managed to decrypt them. Your story is disturbing, and (I hope) remains a very rare occurrence.

Wasn't there also the Emerald fiasco in 2009 or 2010?

37 minutes ago, LittleMe Jewell said:

If there are multiple login servers, they will be defined in some sort of cluster such that they are ALWAYS kept in sync.  

That is the theory but isn't the reality often somewhat different?


31 minutes ago, Arielle Popstar said:
1 hour ago, LittleMe Jewell said:

If there are multiple login servers, they will be defined in some sort of cluster such that they are ALWAYS kept in sync.  

That is the theory but isn't the reality often somewhat different?

Very, very highly unlikely.  When servers are clustered, it is the underlying clustering software that keeps things in sync --- nothing that LL specifically does.  Believe me, the industry would blow up if any database/server clustering software did not keep things perfectly in sync. That type of thing is tested ad nauseam by tech people.

The above assumes that LL uses the same Login server(s) for all logins:  Viewer, Dashboard, Community, and MP.   
I can pretty much assure you that they do for the Dashboard and Viewer.  Possibly not for MP and/or Community.

 


2 hours ago, Arielle Popstar said:

Wasn't there also the Emerald fiasco in 2009 or 2010?

No. What happened with Emerald was it was used in DDoS attacks on a particular website by a particular individual, who was kicked off the team for it before LL decided enough was enough and we ended up with Phoenix.

Edited by Silent Mistwalker

1 hour ago, Profaitchikenz Haiku said:

It was Emerald themselves that were hacked and their detail exposed online, not SL

 

 

Nope. See my reply to Arielle.

 

http://secondslog.blogspot.com/2010/08/emerald-uses-loginpage-as-denial-of.html

https://nwn.blogs.com/nwn/2010/08/emerald-denies-ddos-attack.html

https://www.orange-business.com/en/blogs/connecting-technology/security/second-life-players-unknowingly-recruited-for-a-ddos-attack

Edited by Silent Mistwalker

24 minutes ago, Silent Mistwalker said:

Nope. See my reply to Arielle.

That was a second issue. Emerald were first shown as data-mining via their login page; the DDoS attack was against the person who had (they believed) hacked them to expose their PHP code running at user login. A lot of this was shown in YouTube audio clips of phone conversations between the various parties, and by Pixeleen Mistral interviews.

I was an Emerald user at the time, and followed the developing story even after I had switched viewer.

On reflection, I'm not sure dragging this up is going to be fruitful in either the long term or short term. It exposed the worst side of TPVs and factions.

Edited by Profaitchikenz Haiku

28 minutes ago, Profaitchikenz Haiku said:

That was a second issue. Emerald were first shown as data-mining via their login page; the DDoS attack was against the person who had (they believed) hacked them to expose their PHP code running at user login. A lot of this was shown in YouTube audio clips of phone conversations between the various parties, and by Pixeleen Mistral interviews.

I was an Emerald user at the time, and followed the developing story even after I had switched viewer.

On reflection, I'm not sure dragging this up is going to be fruitful in either the long term or short term. It exposed the worst side of TPVs and factions.

I was an Emerald user. I was also on the team at the time. That is all I am going to say other than no, not under this account.

Edited by Silent Mistwalker

7 hours ago, Wulfie Reanimator said:

TLDR: Your password is absolutely stored on LL's servers. It's also encrypted on your computer every time you press the "log in" button. It's only stored on your computer if you've chosen to.

Ok, I was wrong, twice even in one day. My mind was only half there when I posted after 3 glasses of pretty decent Cabernet.

And of course there has to be an SL login server to verify you have the correct password, etc.....

I was thinking of an old thread, where someone refused to use Firestorm because he claimed Firestorm stored and therefore could steal your password. I was pointing out that the stored encrypted password file was never sent to Firestorm (which could only happen if one of those evil FS developers added a backdoor and collected passwords). He only trusted the SL viewer.

If the stored password file gets corrupted, or a Windows update changes something that obsoletes the key, you can't log in with the stored password. You have to manually enter it again, and it will save it to the local encrypted file.

For some strange reason, the password that was stored on Firestorm for some of my alts, was missing a couple days ago.  No password in the password box.  One day it was there (well the dots were there) and the next day it was blank.  I had to re-enter the password to log in.  No idea why, or why it only affected a couple alt accounts. 

Edited by Jaylinbridges

23 minutes ago, Doris Johnsky said:

How do people even HACK an account? It's always mystified me how this happens.

Hacking an account password would typically involve using some sort of software designed for that purpose -- yes there is software that will do such. It typically makes password attempts based on some sort of internal logic, part of which tries a lot of 'common' passwords. 

However, hacking an individual account would be difficult in SL and most other websites as they have measures in place to lock the account after a certain number of wrong entries. 

 

Many years ago, I utilized a software program provided by a security company that was primarily designed to find database user accounts that had simplistic passwords.  At the time, I managed the databases for some Police systems.  The most common password found for the Police users was Harley followed by some number.  The other super common one was Adam12.  The program identified those, as well as any other accounts using super easy and/or common passwords.  We used the info to make people change their passwords and to tighten our security and password requirements.  That was way back before it was common to require complex and long passwords.

Edited by LittleMe Jewell
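LittleMe's two points, locking an account after a set number of wrong entries and auditing for simplistic passwords such as Harley123 or Adam12, as an added example that is not from the original post; the word list, the 5-attempt threshold and the 12-character minimum are constructed assumptions, not SL's or the audit tool's actual settings.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed stand-in for a real common-password dictionary; "harley" and "adam"
# are the two base words the post says the audit kept turning up.
COMMON_WORDS = {"harley", "adam", "password", "welcome", "qwerty"}
MAX_FAILURES = 5   # assumed threshold; the post only says "a certain number"
MIN_LENGTH = 12    # assumed policy minimum

def is_weak(password: str) -> Optional[str]:
    """Return why the password would be flagged, or None if it passes the checks."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if m and m.group(1).lower() in COMMON_WORDS:
        return "common word followed by digits"   # the Harley123 / Adam12 pattern
    if len(password) < MIN_LENGTH:
        return "too short"
    return None

@dataclass
class LoginGuard:
    """Counts consecutive wrong entries per account and locks it at MAX_FAILURES."""
    failures: Dict[str, int] = field(default_factory=dict)
    locked: Set[str] = field(default_factory=set)

    def attempt(self, account: str, password_ok: bool) -> str:
        if account in self.locked:
            return "locked"                      # correct password no longer gets in
        if password_ok:
            self.failures.pop(account, None)     # a good login resets the counter
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= MAX_FAILURES:
            self.locked.add(account)
            return "locked"
        return "denied"

def simulate(outcomes: List[bool], account: str = "acct") -> List[str]:
    """Feed a sequence of correct/incorrect attempts to a fresh guard and return its replies."""
    guard = LoginGuard()
    return [guard.attempt(account, ok) for ok in outcomes]

if __name__ == "__main__":
    for pw in ("Harley123", "Adam12", "xq7!Lm2#pV9r"):
        print(pw, "->", is_weak(pw))
    print(simulate([False] * 5 + [True]))
```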
