
Account hacked and...


ZoeLeiSummers

You are about to reply to a thread that has been inactive for 893 days.

Please take a moment to consider if this thread is worth bumping.


14 hours ago, Jaylinbridges said:

wrong  and wrong

account passwords are never stored in the "linden server".

They are encrypted  in your own computer, based on hardware configurations, and can never be decoded without the encryption key, which is generated by your local computer and unknown to anyone else on the internet, including SL servers (on the AWS cloud).

There - I crossed out the misinformation. my excuse was too much wine

I still don't think the "linden server" was hacked - AWS would be in trouble

That's not how this works. Linden Lab servers do in fact have your password, it's just that it's stored as a salted, encrypted hash using something like AES-256 or some other encryption technique.

I don't know about local storage, such as with viewers, but I believe that is also a salted hash and is decrypted using a unique system ID that belongs to *your* computer in its current state. If it's modified (say for instance, you replace the CPU or one of the hard drives), the key is no longer valid and you have to reinput your credentials.

Soft Linden or someone in either InfoSec or Engineering could probably elaborate better than me on this.

Edit: Or Wulfie can, because I deadass don't read through a thread. Guess the Gacha thread kinda caused that for me - Good write up, by the way :D

Edited by Rathgrith027

1 hour ago, Rathgrith027 said:

I don't know about local storage, such as with viewers, but I believe that is also a salted hash and is decrypted using a unique system ID that belongs to *your* computer in its current state. If it's modified (say for instance, you replace the CPU or one of the hard drives), the key is no longer valid and you have to reinput your credentials.

Yes that's what I explained, and in more detail in a prior thread when password security was being discussed.  Still doesn't explain why I had to reenter a couple Alt  account passwords, when nothing was changed or updated on my computer while the rest of the accounts kept the saved passwords.  

And when I cross something out, it means it was wrong, which I also did and which you quoted.

I explained what I was thinking in a later post, which I guess you didn't get to.

 

Edited by Jaylinbridges

23 hours ago, LittleMe Jewell said:

Very, very highly unlikely.  When servers are clustered, it is the underlying clustering software that keeps things in sync --- nothing that LL specifically does.  Believe me, the industry would blow up if any database/server clustering software did not keep things perfectly in sync. That type of thing is tested ad nauseam by tech people.

The above assumes that LL uses the same Login server(s) for all logins:  Viewer, Dashboard, Community, and MP.   
I can pretty much assure you that they do for the Dashboard and Viewer.  Possibly not for MP and/or Community.

 

I did a search for database replication latency amazon and was surprised by the 7M + hits and realize how big of an issue it actually is. How much more so for a platform like Secondlife known for its lag at the best of times. Plenty of troubleshooting and how-to pages to help people minimize issues because.....it is and has been an issue for many to the point where Amazon has actually determined the loss of business per millisecond of database replication latency. Have to wonder if the Lab shouldn't analyze and come up with a dollar figure for how much they lose for the general lag we experience inworld. In any case, I'll chalk up the second apparent password hack to being nothing more than a slow replicating database that allowed another to log inworld under the old password, as none of the other factors fit in the situation I mentioned.

  • Like 1

26 minutes ago, Arielle Popstar said:

I did a search for database replication latency amazon and was surprised by the 7M + hits and realize how big of an issue it actually is. How much more so for a platform like Secondlife known for its lag at the best of times. Plenty of troubleshooting and how-to pages to help people minimize issues because.....it is and has been an issue for many to the point where Amazon has actually determined the loss of business per millisecond of database replication latency. Have to wonder if the Lab shouldn't analyze and come up with a dollar figure for how much they lose for the general lag we experience inworld. In any case, I'll chalk up the second apparent password hack to being nothing more than a slow replicating database that allowed another to log inworld under the old password, as none of the other factors fit in the situation I mentioned.

I actually was writing out a really long extremely detailed posting about the difference in most latency issues in databases and things like login servers.............. but then decided that it just isn't worth it.


  • 4 weeks later...
12 minutes ago, Whispering Dawn said:

Hello this is Whispering Dawn, I was hacked and I am wondering if there is any way I can get everything I had made back? I am a lifer and I wanted to start selling again. My avatar looks like crap now ugh.. whoever did it this was not cool at all.

https://lindenlab.freshdesk.com/support/home

  • Like 1

3 hours ago, Whispering Dawn said:

Hello this is Whispering Dawn, I was hacked and I am wondering if there is any way I can get everything I had made back? I am a lifer and I wanted to start selling again. My avatar looks like crap now ugh.. whoever did it this was not cool at all.

There is no hacking,  phished (social engineered) aka giving password away or having it obtained through a leak from another site where the same password was used (people deny it, but it happens, I know I've done it.)   but was the account reactivated just recently,  inventory is not guaranteed to stay with certain account types from the understanding LL has said in the past and you would have to submit a ticket to get help with an account, none of us here are lindens.


@bigmoe, thank you for your reply, it had to have been someone I know but the damage they did definitely, Not something I'd want anyone to do after working so hard. pray no goes through I have never gone through anything this extreme. Trust me I have a ticket out. Grateful they did not take my LL's - (18 years 1 month; 6619 days They destroyed

  • Sad 1

12 hours ago, Whispering Dawn said:

Hello this is Whispering Dawn, I was hacked and I am wondering if there is any way I can get everything I had made back? I am a lifer and I wanted to start selling again. My avatar looks like crap now ugh.. whoever did it this was not cool at all.

You do realise that sometimes, content in your inventory will disappear all on its own? It's a known fault. It may not even be actually gone.

A support ticket might still be helpful but the reason for your loss of inventory is far more likely to be bad luck than someone else's malicious intent.

  • Like 1

8 hours ago, Whispering Dawn said:

Grateful they did not take my LL's 

I'm guessing this means L$s, and if so it's actually kinda unfortunate they didn't empty the L$ balance because that will often leave a trail to RL identity of the perpetrator, depending on how skilled they are at laundering the loot.

But that also means that the inventory damage would be targeted vandalism (assuming it's the result of an account hack (which @Maitimo rightly points out: ain't necessarily so), rather than standard-issue account thievery. So you're probably right to conclude "it had to have been someone I know".


14 hours ago, Qie Niangao said:

I'm guessing this means L$s, and if so it's actually kinda unfortunate they didn't empty the L$ balance because that will often leave a trail to RL identity of the perpetrator, depending on how skilled they are at laundering the loot.

But that also means that the inventory damage would be targeted vandalism (assuming it's the result of an account hack (which @Maitimo rightly points out: ain't necessarily so), rather than standard-issue account thievery. So you're probably right to conclude "it had to have been someone I know".

Yes I do believe they were someone I know not well but that I do know... but when you figure the damage to my acct it's several thousands and yes I can prove it.. all I have to do is add up all from 2006 to today. and report it to SL and SL can take care of it. I will share the amount in total when I have it all added up.

Edited by Whispering Dawn
Additional message
