Jump to content

Account hacked please help


You are about to reply to a thread that has been inactive for 873 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

I'm under much frustration my accounts keitaro849 and shippo849 were hacked into and someone tried to send 55k L$ to themselves. I tried filing a support ticket but for some reason my support tickets aren't appearing after I submitted it. I quickly made action changing passwords activating MFA and removing payment methods of my cards on there. All this was going on while i was at work. I'm not sure how they hit up my accounts I didn't click on any questionable links as far as I'm aware. Is there actually an email i can contact since my support ticket seemed to vanish on its own?

  • Like 1
Link to comment
Share on other sites

8 minutes ago, shippo849 said:

Well I thought at the very least the ticket i submitted would show up in the system... Maybe it takes time to process and be seen and show up under my tickets?

Ticket should show in your ticket list almost instantly.  Refresh the screen and if it still isn't showing, I'd resubmit it.  I've never had it take more than a few seconds unless the system hiccupped during creation.

  • Like 2
Link to comment
Share on other sites

1 hour ago, CaithLynnSayes said:

Misuse of the word "hacked" yet again. - You clicked a dodgy link and 'gave' your login credentials to a script kiddy/ your computer is full of spyware...

 

I have to let go of it and let it happen, don't I? 

woosah-listening.gif.fe2dd3d9376f8017ccc9a214a65d4b99.gif

Helpful! Sympathetic!

 

Also, speculative. But hey, why not blame the victim?

  • Like 5
  • Haha 1
Link to comment
Share on other sites

1 hour ago, Scylla Rhiadra said:

Helpful! Sympathetic!

 

Also, speculative. But hey, why not blame the victim?

accounts are not hacked, they are phished, or they have used the same password in many places,  if any body remembers from 2006 when SL did have it's passwords hit,  it was like 12 accounts, they forced every one to change their passwords before they could log back in. 

  • Like 2
Link to comment
Share on other sites

38 minutes ago, bigmoe Whitfield said:

accounts are not hacked, they are phished, or they have used the same password in many places,  if any body remembers from 2006 when SL did have it's passwords hit,  it was like 12 accounts, they forced every one to change their passwords before they could log back in. 

Just because the vast majority of accounts are phished rather than hacked doesn't mean it's safe to assume that's the case in every instance of an account being compromised, doing so is indeed speculation!  The real point is this pedantic quibbling over semantics is entirely unhelpful and honestly a little hypocritical given that pretty much everyone on this forum is prone to making grammatical errors and misusing words.  For example:

42 minutes ago, bigmoe Whitfield said:

if any body remembers from 2006 when SL did have it's passwords hit

It’s is the contracted form of it is or it has whereas Its is a possessive determiner (like my, your, his) which we use when referring to things or animals.

It's or Its

  • Like 2
  • Haha 2
Link to comment
Share on other sites

2 hours ago, Fluffy Sharkfin said:

 

It’s  is the contracted form of it is or it has whereas Its is a possessive determiner (like my, your, his) which we use when referring to things or animals.

It's or Its

please do not do this to me,  I have some issues and this is one of them.   I type how I type and that's going to be the end of the discussion on it. 

  • Like 2
Link to comment
Share on other sites

1 hour ago, bigmoe Whitfield said:

please do not do this to me,  I have some issues and this is one of them.   I type how I type and that's going to be the end of the discussion on it. 

My sincere apologies, I certainly didn't mean to offend or upset you!

There's no reason to feel self-conscious about having issues communicating, Second Life is an international community and for a significant portion of that community English is not their first language so it stands to reason that everyone will have their own personal barriers to overcome when it comes to communicating with each other, which is precisely why it's important to focus on what people are trying to say rather than finding fault in how they say it.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

1 hour ago, Fluffy Sharkfin said:

 which is precisely why it's important to focus on what people are trying to say rather than finding fault in how they say it.

Normally, I'd agree.  In this case, A person does need to know there is a difference between hacked and phished so as not to repeat their mistake.

  • Like 6
Link to comment
Share on other sites

36 minutes ago, Rowan Amore said:

Normally, I'd agree.  In this case, A person does need to know there is a difference between hacked and phished so as not to repeat their mistake.

Right, in which case offering a helpful explanation about the difference between the two would be useful, but that isn't exactly the approach that was taken so suggesting that people were merely trying to be helpful and educate the OP is a little disingenuous.

  • Like 4
  • Haha 1
Link to comment
Share on other sites

9 hours ago, CaithLynnSayes said:

Misuse of the word "hacked" yet again. - You clicked a dodgy link and 'gave' your login credentials to a script kiddy/ your computer is full of spyware...

I know that others have responded to your post but I felt the need to do it too.

Unless you are the one who 'got into' the OP''s accounts, you have absolutely no idea whether they were hacked or phished. Also, you have no idea whether or not the OP clicked a dodgy link. The OP had said that s/he isn't aware of doing it. It's possible but you certainly don't know, so you are absolutely wrong to judge any of it.

The only thing that you have any sort idea about is that phishing isn't hacking, and you're certainly on thin ice there. All sorts of things are considered to be part of hacking, such as rummaging through waste bins looking for personal information that might be used as passwords. That, and many other methods, a part of hacking, so what makes you think that phishing isn't?

Edited by Phil Deakins
  • Like 6
  • Haha 2
Link to comment
Share on other sites

...shoves into the squabble, yelling "Break it up, you guys! We had this argument just last week. Break it up, or NO COOKIES FOR ANY OF YOU!"

While I, in my pedantic way, agree with CaithLynn about the difference between "hacking" and "phishing", and even more with Fluffy about the importance of correct grammar, we're here to help Shippo out of their jam. The rest is just niggles.

  • Like 8
Link to comment
Share on other sites

I should apologize: my forum account occasionally gets "hacked" by a person who gets shirty over rudeness based upon unwarranted assumptions. This hacker person also gets distressed when newish forum posters are treated badly.

I agree that it's not a bad idea to distinguish between "hacking" and "phishing," but will note that the OP clearly doesn't believe that the latter was what was responsible:

16 hours ago, shippo849 said:

I'm not sure how they hit up my accounts I didn't click on any questionable links as far as I'm aware.

A lot of this has to do with tone. Almost everyone who has responded directly to the OP did so in the spirit of helpfulness, and managed to avoid being snarky or judgmental. @LittleMe Jewelland @bigmoe Whitfielddeserve thanks for doing what I would like to think we all try to do here: provide assistance without subtext to someone who requested it. That's how I would like to think the forum operates.

My objection to one particular response was that it was, frankly, not helpful, but seemed merely to be an opportunity to indulge in a bit of smug snark, and made speculative assumptions about the cause of the OP's distress that contributed not at all to helping the latter find a solution. This kind of tone and response is characteristic of the reason some have complained about the treatment new posters here on occasion. I would like this to be a friendly, welcoming, and helpful space. Some kinds of responses don't contribute to that much.

I -- I mean, the person who hacked my forum account, of course -- should probably have just let this pass, as critiquing someone who is gratuitously nasty is probably unlikely to make them any nicer.

So, I do apologize for that, and will now exit this thread as gracefully as I can, while administering smacks on the wrist to the person who posted in my name. Whoever [she] may be.

  • Like 3
  • Haha 1
Link to comment
Share on other sites

2 hours ago, Phil Deakins said:

I know that others have responded to your post but I felt the need to do it too.

Unless you are the one who 'got into' the OP''s accounts, you have absolutely no idea whether they were hacked or phished. Also, you have no idea whether or not the OP clicked a dodgy link. The OP had said that s/he isn't aware of doing it. It's possible but you certainly don't know, so you are absolutely wrong to judge any of it.

The only thing that you have any sort idea about is that phishing isn't hacking, and you're certainly on thin ice there. All sorts of things are considered to be part of hacking, such as rummaging through waste bins looking for personal information that might be used as passwords. That, and many other methods, a part of hacking, so what makes you think that phishing isn't?

I'm a software developer/pen tester. If SL logins would be "hackable", I would know. - I'm aware that sounds incredibly arrogant, but i'm sorry, that's how it is. You don't need to be so touchie and hypersensitive about it. ;) My intend is not to make anyone look foolish or bad.

Phishing isn't hacking. Hacking is breaking into a server and stealing or even dumping (unprotected) data. Phishing is... fishing, laying out a trap. Those are very different things. Don't be so triggered about it, it's really not a big deal. If anything, you've learned something today. You're welcome 👍

 

Pen test(er): A penetration test, colloquially known as a pen test(er) or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths

(Source Wikipedia)

  • Like 3
Link to comment
Share on other sites

But I haven't clicked on any bad links... SO I'm not sure how they breached directly... And malwarebytes isn't picking up anything... Was it maybe from the lumiya app? I'm not sure. I mean all this happened while i was busy at work too. Although they always find the most inconvenient time to attack when they do. there's people that say media in-world has lead to some being hacked as well. Although i haven't really used or touched any media objects in SL in years. Ugh its all a nightmare, very stressful, and I'm doing what i can, changing passwords and turning on MFA and removing payment methods... I don't like the victim blaming its not fair I most definitely did not ask anyone to intentionally go out and steal and hack from me. All i can hope for now is that i just get my money back after processing the ticket. was also thinking of trying privacy.com its a good way to rule out when someone does go after my money...

 

Edited by shippo849
  • Like 2
Link to comment
Share on other sites

11 minutes ago, shippo849 said:

theres people that say media in-world has lead to some being hacked as well

I have never heard this, and I very much doubt it is possible, to be honest. What IS true is that enabling media in-world will expose your IP address, but that's of fairly limited use to anyone: it's not even a good way of identifying alts.

So far as I know, there is no way you can be "hacked" from within LL's platform: whatever happened, it happened outside of SL.

  • Like 1
Link to comment
Share on other sites

@shippo849 Do you use the same password anywhere else? If so, it's probably stolen from another website where you've used the same email and password you use to log into SL. So SL can be very secure but the same login credentials can be on a very poorly designed website that got (infact) hacked. (proper use of that word here ;)) In that case, it's just a matter of time before someone runs a database of logins and passwords against SL login system and boom, they are in. A popular one is rockyou.txt People reading in the same field as me will know what this is.

 

In case you have used the same email and password for SL anywhere else, i strongly suggest you ask yourself the question "have i been pwned". More info on > https://haveibeenpwned.com/ It is a website that will look for your email and scan known data breaches and see if your email (and leaked passwords) are found. If so, i strongly suggest you walk through ALL websites you ever created accounts for and reset passwords and make unique ones for them. You can google for "strong password generator" and , well, randomly generate passwords. Do write them down though. ;) 

 

 

Who said i can't be helpful? :D 

Edited by CaithLynnSayes
Fixed a typo but Coffee Pancake quoted me, so it's still there! damn you quotes! ;)
  • Like 2
  • Thanks 1
Link to comment
Share on other sites

9 minutes ago, Scylla Rhiadra said:

I have never heard this, and I very much doubt it is possible, to be honest.

There is a theoretical vulnerability with media on a prim as that it's basically just a web browser.

It's a rather small attack surface and would require crafting a web page targeting a specific bug in the specific version of the browser the target has built into their specific SL viewer AND getting them to open that page on a prim or on the internal browser.

Which is a lot of work with no certainty of outcome, and far more work than just asking "Babe, can I borrow your SL account to test something?"

If it ever happened, LL would update their viewer on the spot and every TPV would drop everything to do the same.

 

Keep your viewer up to date (and don't share your SL credentials) for a very high safety margin. Easy.

 

1 minute ago, Matilda Melune said:

Is that app still available on the Google Play Store?

It is not.

 

1 minute ago, CaithLynnSayes said:

@shippo849 Do you use the same password anywhere else? If so, it's probably stolen from another website where you've used the same email and password you use to log into SL. So SL can be very secure but the same login credentials can be on a very poorly designed website that got (infact) hacked. (proper use of that wore here ;)) In that case, it's just a matter of time before someone runs a database of logins and passwords against SL login system and boom, they are in. A popular one is rockyou.txt People reading in the same field as me will know what this is.

 

In case you have used the same email and password for SL anywhere else, i strongly suggest you ask yourself the question "have i been pwned". More info on > https://haveibeenpwned.com/ It is a website that will look for your email and scan known data breaches and see if your email (and leaked passwords) are found. If so, i strongly suggest you walk through ALL websites you ever created accounts for and reset passwords and make unique ones for them. You can google for "strong password generator" and , well, randomly generate passwords. Do write them down though. ;) 

 

 

Who said i can't be helpful? :D 

Wehlmdg.gif

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

23 minutes ago, shippo849 said:

theres people that say media in-world has lead to some being hacked as well.

*sigh*... <deep breaths>... inworld media has no "physical" connection with your inworld logged in account. It's just a fancy web browser within your viewer. The potentially dodgy website you're opening on it has no clue it is being opened from within inworld SL, let alone what SL account is doing it. Fact check false.

  • Like 1
Link to comment
Share on other sites

3 minutes ago, Matilda Melune said:

Is that app still available on the Google Play Store? Last I heard it was no longer under develop. Always be careful of the source when attempting to side load an app to your mobile device.

The only "safe" copies of the app that exist anymore, exist on the older devices of those who bought it back then.

If you trade up a device (Android at the least) be absolutely certain to keep the old one around until you have used the proper software suite to transfer/copy your data from the old one over - otherwise you are SOL.

  • Like 2
Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 873 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...