itsjustmissy Posted November 17 Posted November 17 (edited) IT SADS ME TO SEE THAT AFTER PLAYING SECOND LIFE FOR 6 YEARS I GOT HACKED ON THE 25TH OF OCTOBER OF 37K LINDENS I MADE 2 REPORTS EVEN CALLED SL AND TO THIS DAY MY TICKETS ARE STILL BEING PROCESSED. THE FUNNY THING IS I WAS NOT THE ONLY ONE THAT WAS HACKED MULTIPLE PERSON ON FACEBOOK WERE BEING ATTACKED THAT SAME DAY AND SL RECTIFIED THEIR ISSUE MAYBE BECAUSE THEY DID HAVE FREE ACCOUNTS MAYBE. BUT MY ACCOUNT HAS ALSO BEEN ON HOLD SINCE THEN THAT IS MY STORE ACCOUNT SO WHAT AM I SUPPOSED TO DO NOW Edited November 17 by Dyna Mole [Image redacted by moderator] 4
Scylla Rhiadra Posted November 17 Posted November 17 I wish I had a solution for you beyond making a ticket. And unfortunately, posting here isn't likely to achieve much. I have heard of multiple instances of accounts being hacked, so there does seem to have been "something" going on then. It might be that LL is backlogged looking into these, which is why it is taking so long. The other possibility is that there are complications. Did you share your password with anyone, even alts, for instance? 5
Vitaliyx Posted November 17 Posted November 17 Hola, tambien me hicieron lo mismo, sacaron todo el dinero de mi tarjeta bancarias, y sacaron un total de 90.000 L$ comprando en el Marketplace con mi cuenta objetos a mi mismo avatar unos apartamentos, eso me paso el dia 26 de octubre 2024, envie varios ticket con toda la informacion adecuada, y nunca eh tenido respuestas, ayer cerraron mi cuenta y la pusieron en On Hold, no entiendo porque¿? espero que se solucione. 1 1
Vitaliyx Posted November 17 Posted November 17 translated into english Hello, they also did the same thing to me, they took all the money from my bank card, and they took a total of 90,000 L$ buying objects on the Marketplace with my account for some apartments from my same avatar, that happened to me on October 26, 2024, I sent several tickets with all the appropriate information, and I have never had any answers. Yesterday they closed my account and put it on On Hold, I don't understand why? I hope it is solved. 1 2
Clem Marques Posted November 17 Posted November 17 10 hours ago, Scylla Rhiadra said: The other possibility is that there are complications. Did you share your password with anyone, even alts, for instance? Another possibility is having used the same email & password combination in a different website. If the other website had its login information leaked, it's possible that it was stolen and used to get into your SL account. 2
Vitaliyx Posted November 17 Posted November 17 I just hope we get our money back and our accounts are removed from Hold as we are victims of theft and suffer the consequences. We work hard every day as bloggers, fashion creators, etc., and because of these bad people we now suffer the consequences. Since October 26th they have not responded to any ticket, and I was surprised that my account is on hold 😢 2
bigmoe Whitfield Posted November 17 Posted November 17 3 minutes ago, Vitaliyx said: I just hope we get our money back and our accounts are removed from Hold as we are victims of theft and suffer the consequences. We work hard every day as bloggers, fashion creators, etc., and because of these bad people we now suffer the consequences. Since October 26th they have not responded to any ticket, and I was surprised that my account is on hold 😢 if the account is on hold, it could be on hold so it can no longer be accessed while they look at everything, think of it as a safe guard. that means the only people able to access it will be the lindens only. 2 2
Vitaliyx Posted November 17 Posted November 17 11 minutes ago, bigmoe Whitfield said: if the account is on hold, it could be on hold so it can no longer be accessed while they look at everything, think of it as a safe guard. that means the only people able to access it will be the lindens only. I have been playing on this platform for more than 11 years and nothing like this has ever happened to me, I hope everything is solved and everything goes back to the way it was before. and I hope they return my money and my account 😢
Macedonio Ashley Posted November 17 Posted November 17 I was hacked too, on 27th October, my ticket still being processed. Multifactor Authenticator is useless in the website. Hackers can steal ur money easily 1
Vitaliyx Posted November 17 Posted November 17 7 minutes ago, Macedonio Ashley said: I was hacked too, on 27th October, my ticket still being processed. Multifactor Authenticator is useless in the website. Hackers can steal ur money easily Hello honey, they also put your account on hold in the virtual world ¿? 1
Macedonio Ashley Posted November 17 Posted November 17 Just now, Vitaliyx said: Hello honey, they also put your account on hold in the virtual world ¿? Hi Vitalyx, not yet, I guess coz they havent check my ticket yet, but i read on Facebook they do the same with another girl that was robbed, put the account on hold for a few days and returned her money, but she is premium so her case was solved in 2 days, for basic accounts guess we dont exist 2
Vitaliyx Posted November 17 Posted November 17 1 minute ago, Macedonio Ashley said: Hola Vitalyx, todavía no, supongo que porque aún no han revisado mi ticket, pero leí en Facebook que hicieron lo mismo con otra chica a la que le robaron, le pusieron la cuenta en espera por unos días y le devolvieron el dinero, pero ella es premium, así que su caso se resolvió en 2 días, para cuentas básicas supongo que no existimos Oh how sorry I am, I also have the account in Basic mode, which surprised me that after so many days of the theft, which was on October 26, they did not act, and on Friday, November 15, the account. "on hold" without access to the web or the virtual world, (I hope they give you a solution too, dear, we don't deserve these bad times) 😪 1
Macedonio Ashley Posted November 17 Posted November 17 2 minutes ago, Vitaliyx said: Oh how sorry I am, I also have the account in Basic mode, which surprised me that after so many days of the theft, which was on October 26, they did not act, and on Friday, November 15, the account. "on hold" without access to the web or the virtual world, (I hope they give you a solution too, dear, we don't deserve these bad times) 😪 Thanks dear, i just received today a mail saying that there was a high amount of tickets in the last weeks, and process them in the order they arrive. I think ur case will be solved soon as put the account on hold is a normal step. I will make a campaign to request that the multifactor authenticator must be required to enter the website or mp 2
Ava Bloodrose Posted November 17 Posted November 17 I hope you all get your money and accounts back asap! When you do, enable MFA maybe? 2
Macedonio Ashley Posted November 17 Posted November 17 1 hour ago, Ava Bloodrose said: I hope you all get your money and accounts back asap! When you do, enable MFA maybe? I have Multifactor enabled but its not required to enter the website and mp, website is unsafe. Multifactor just prevented them from changing my email and password. Otherwise they would have stolen my account. 3
bigmoe Whitfield Posted November 17 Posted November 17 I would go to https://haveibeenpwned.com/ Check to see if you have an email address that's been in a leak, Not saying LL has had a leak, we'd of heard about it by now, we've got some vocal people in the forum. but check and make sure the email address you use for SL is not leaked in another database from another company, I've been a victim myself in leaks, because what did I do.. use the same email address and password several places. it's always wise to check. never can be to cautious on the internet today. 2 1
Madi Melodious Posted November 18 Posted November 18 Enable two factor authentication. It adds an extra layer to logging on but well worth the extra security. 2
Macedonio Ashley Posted November 18 Posted November 18 1 hour ago, Madi Melodious said: Enable two factor authentication. It adds an extra layer to logging on but well worth the extra security. I had multifactor enabled. Website and MP dont need mulitfactor to enter. I thought i was safe with multifactor but nope. Hacker can enter and spend ur money in MP without the security code 1
Salt Peppermint Posted November 18 Posted November 18 4 hours ago, Macedonio Ashley said: I had multifactor enabled. Website and MP dont need mulitfactor to enter. I thought i was safe with multifactor but nope. Hacker can enter and spend ur money in MP without the security code while MFA doesn't help with marketplace indeed which definitely needs to be fixed, it helps A LOT with people not being able to even log into your account via viewers or access the actual transaction and cashout process. So while it's not covering everything 100% ( which it should), it's still absolutely necessary. 3
Tjay Wicken Posted November 18 Posted November 18 It sounds to me like it's time for Linden Lab to prioritize taking some action regarding the account safety. It is far too often that we hear about people having their accounts compromised and accessed via the marketplace to empty out their accounts. I understand that LL is working on implementing MFA across all authentication endpoints but if it's not something that they expect having ready in the next few days then a stopgap really needs to be put in place in the interim. If that means temporarily closing down the marketplace platform, then so be it. To anyone reading this thread and being worried about your account safety - until we hear something from Linden Lab, I strongly suggest that you have a look at your password complexity and ensure that it is as complex as possible. Second Life (unfortunately) only allows a maximum password length of 16 characters so make sure that you construct a password that takes up all 16 characters. Make use of letters, capital letters, numbers and special characters (you can use more than just "?", "!" and "#" - even ".", "(" and "+" are good characters to include.) 2 1
Ava Bloodrose Posted November 18 Posted November 18 12 hours ago, Macedonio Ashley said: I have Multifactor enabled but its not required to enter the website and mp, website is unsafe. Multifactor just prevented them from changing my email and password. Otherwise they would have stolen my account. It also prevents access to the account page where you buy L$, so they should only have been able to spend what was already in your account. It definitely needs to be extended to MP checkout page. 4
JacksonBollock Posted November 18 Posted November 18 11 hours ago, bigmoe Whitfield said: I would go to https://haveibeenpwned.com/ Check to see if you have an email address that's been in a leak, Not saying LL has had a leak, we'd of heard about it by now, we've got some vocal people in the forum. but check and make sure the email address you use for SL is not leaked in another database from another company, I've been a victim myself in leaks, because what did I do.. use the same email address and password several places. it's always wise to check. never can be to cautious on the internet today. Really good advice from @bigmoe Whitfield , it's something most people should be checking on a regular basis these days. It is a bit of a pain - so many antivirus products do this automatically for you. Lots of other good advice on this thread too, so no point me rehashing it. Finally, given anecdotal evidence that this has become more frequent over the past few months, it's worth noting that sometimes temporary vulnerabilities can be introduced during integration and/or migration projects. Just spit-balling here, but lets say a certain virtual world provider spins off its payment processing to another platform. This means data being migrated across databases - maybe some data mirroring facilties being tested and deployed. Accidents happen to the best of us and vulnerabilities can be introduced - some example risk areas are as follows: Data synchronization issues Authentication gaps between systems Temporary test configurations that accidentally make it to production. Access control misconfigurations during integration All just speculation on my part, but does reinforce the idea that we need to be vigilant and not place 100% trust in those we share our data with.
Jaylinbridges Posted November 18 Posted November 18 (edited) Just make sure ALL your SL accounts use a unique name and password. Never use either on any other account or forum. And watch your Google and Facebook passwords, that they are all unique and never used to sign into another website or game. So many websites let you use your Google account or Facebook account for a quick login to join. MFA helps if you are prone to getting phished from fake popups and websites. MP seems to be the popular hole without MFA to log into to MP, and take the longest to trace by LL and Tilia. I think LL gives themselves at least 30 days to recover your funds, with no promises. Edited November 18 by Jaylinbridges 2
JacksonBollock Posted November 18 Posted November 18 16 hours ago, Vitaliyx said: I just hope we get our money back and our accounts are removed from Hold as we are victims of theft and suffer the consequences. We work hard every day as bloggers, fashion creators, etc., and because of these bad people we now suffer the consequences. Since October 26th they have not responded to any ticket, and I was surprised that my account is on hold 😢 You probably know this already, but CC companies often provide protections against unauthorized charges - including those resulting from hacked platforms. Much less likely though for Debit Cards - and I'm guessing you definitely won't get reimbursed for L$ holdings, which should be LL's responsibility anyway - best check the LL T&Cs to see what they say about that. Visa and Mastercard for instance have zero liability policies for consumers. so worth giving your card provider a call if your situation fits. Even with Visa and Mastercard though they base their decisions normally on a determination of authorised/unauthorized, reporting timelines, and platform liability.
Wulfie Reanimator Posted November 18 Posted November 18 (edited) 2 hours ago, Jaylinbridges said: MFA helps if you are prone to getting phished from fake popups and websites. LL's version of MFA is... bad. You can log into the account dashboard without MFA, and you can purchase lindens without MFA. (You shouldn't get access to the dashboard at all!) And although you can't get in-world, you absolutely can spend the lindens on Marketplace, sending gifts to whoever. The "Billing Information", "Process Credit" and "Change Name/Password/Email" pages are MFA-protected. (Why not the rest?) But you can even disable MFA without needing MFA, all you need is access to the user's email. (This is a problem because many people still reuse passwords. It shouldn't be possible to disable MFA without support if you've lost your MFA device.) Don't get me wrong -- you should absolutely enable MFA, no excuses. It's better than not having MFA, but LL really needs to finish their patchwork. Edited November 18 by Wulfie Reanimator 5 1
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now