anyone hear about MP being hacked?

[HarleiQuinn]

Got a message about someone getting the authentication codes for the MP and hacked it .seems strange that just the other day I found out there was some 140.00 US dollars worth of Linden transactions done through my CC information. thats some 70,000 lindens that I did NOT buy.

heres the message I recieved

 "avoid logging in or buying something on the SL Marketplace. someone from England cracked the authentication this week. i saw indications of this activity myself. the person who did it stole money and accounts. the same goes for secondlife.com, the main site. LL isn't talking. i'll be in contact with a tech til this is over."

 

[Perrie Juran]

---

HarleiQuinn wrote:

Got a message about someone getting the authentication codes for the MP and hacked it .seems strange that just the other day I found out there was some 140.00 US dollars worth of Linden transactions done through my CC information. thats some 70,000 lindens that I did NOT buy.

heres the message I recieved

 "avoid logging in or buying something on the SL Marketplace. someone from England cracked the authentication this week. i saw indications of this activity myself. the person who did it stole money and accounts. the same goes for secondlife.com, the main site. LL isn't talking. i'll be in contact with a tech til this is over."

 

---

Quite frankly this sounds like you have fallen for a phishing scheme.

What was LL's response when you contacted them about the bogus charges on your account?

[HarleiQuinn]

I asked them for a complate record of every transaction on my account that pertained to buying lindens with my credit card listed on my account. I know for a FACT that I have only used it once in the past month to buy 10 US dollars worth of Lindens though they say its 140.00 and that I was buying gifts for people on the MP . I,m Still waiting for the information which they said I would recieve yesterday.I,m contacting my bank to do charge backs on the transactions. And I took of my credit card info from my account and downgraded it to a free one from Premium.

[HarleiQuinn]

thing is I don't click on any of those notices showing up in world ,etc. Well aware of the scams running amok on here. comes down to someone hacked my account and ran up 140.00 worth of purcahces and linden transactions.

[Perrie Juran]

---

HarleiQuinn wrote:

I asked them for a complate record of every transaction on my account that pertained to buying lindens with my credit card listed on my account.

---

That transaction information is available from your dashboard.  It shows each time you were billed.

Account / Account Statements.

[Dillon Levenque]

If you visit your dashboard (go to secondlife.com and login) you can see your transactions for yourself.

Click on the arrow next to 'Account' and select 'Transaction history' from the dropdown list.  You can only see the last 30 days worth but that should give you some idea. Any MP purchase will show there, and if it was a gift, I believe the giftee shows there too (if not  you can find that by looking at  your account history on MP itself).

I don't really think your statements make a lot of sense. Why would someone who had 'cracked the authentication' for the marketplace waste time buying MP gifts? Wouldn't their criminal time be better served acquiring lindens?

[HarleiQuinn]

well thats pretty much waht they did. racked up some 140.00 in Linden purchaces WHICH LL claims I used on MP purchaces which I know is wrong. My order history proves them wrong.

[Medhue Simoni]

http://status.secondlifegrid.net/2013/10/24/post2089/?utm_source=twitterfeed&utm_medium=twitter

Seems billing went thru maintenance today.

[Carl Thibodeaux]

 "avoid logging in or buying something on the SL Marketplace. someone from England cracked the authentication this week. i saw indications of this activity myself. the person who did it stole money and accounts. the same goes for secondlife.com, the main site. LL isn't talking. i'll be in contact with a tech til this is over."

That has to be some serious business.

Grammar Nazi, are you nearby?

[KarenMichelle Lane]

Let's recap a bit...

1) Regarding the maintenance activity today.

[RESOLVED] Scheduled Billing Maintenance

[9:05 AM PDT, 24 October 2013] The scheduled billing maintenance is now complete.

[postED 3:25 PM PDT, 22 October 2013] We will be performing scheduled maintenance on our billing engine Wednesday, October 23, 2013 beginning at 9:00 AM PDT. During this time our billing services including LindeX and Marketplace, will not be available. Please continue to check this blog for updates.

This is a scheduled 5 minute or 24 hour+5 minute maintenance activity. No smoking gun here.

2) The message you received itself is suspicious...especially "someone from England cracked the authentication this week"

People don't crack the authentication method per se. Login dialogs are protected using basic https security to begin with. Then once that is done you have a private dialog with a Linden Lab login daemon process on a login server. That in turn allows you to have a session with the LL equipment be it in-world or on the web.

If a 3rd party broke through Linden Lab's firewalls and manage to steal a password hash table they would also need to steal the user account database as well to make that theft useful. Why? Because the password hash table on it's own only allows someone to use a brute force attack on an individual account at a time. Long before they luck into the actual password for your account it would be locked out due to too many failed password attempts.

3) "I saw indications of this activity myself."

This is such a classic social media tease. Oh yeah, I as your trusted "new" friend was also affected and I know so many other people this has happen to... You get why this is a fake message. Yes it was sent to you, by the person who stole your account to panic you as well.

4) I do believe you have had you own account broken into. Most of those break ins happen as a result of weak passwords or shared passwords or saved passwords or walking away from a web session on a publicly accessible PC without logging out. Other reasons include using the same password on your email account login as your SecondLife account. You stand a greater chance of losing control of your email account than your SecondLife account.

5) Linden Lab has no problem taking all of SecondLife down when needed. Been there been locked out along with many other who frequent these forums.  Linden Lab keeping and I quote "Silent" on this is a patently ridiculous statement. Linden Lab would have to issue a public statement each and every day in response to someone's so-called exposure of a weakness in security just from the posts in these forums using rumors as a source.

 

The first thing YOU should have done is completely change your password (s) on your SL and email account(s) and verify your email address is still under your control.

So please share, who did you get this message from?

 

Here is a link to your Transaction History on your Dashboard:

https://secondlife.com/my/account/transactions.php?lang=en-US

Here is a link to your Marketplace Order History:

https://marketplace.secondlife.com/orders

 

Linden Lab doesn't panic when these break ins happen. Why? Because they are looking at your marketplace order history, looking at which of your accounts were used to make the purchases, the time of the purchase and also the IP address used on the website or the in-world session! Yes your assigned IP address and that of anyone who may have "stolen" your account credentials is logged. This will tell the staffer researching your issue if this is a problem of your own making or one of international proportions. Once that IP address is id'd, LL can check to see if it is in widespread use accessing many other accounts. This is just one of many other investigative steps LL is taking on your behalf.

Thel IP address associated with the accounts receiving goods are probably also being researched.

If this is a single off issue then it is more likely that your PC itself was compromised. Could be a trojan Horse reporting your keystrokes to a 3rd party. If the IP address is your normal IP address then maybe your PC is being taken over by this 3rd party. Let LL do their work.

So have you changed your passwords yet?  All of them?

 

 

 

 

[Ohhnoes]

---

HarleiQuinn wrote:

 

heres the message I recieved

 "avoid logging in or buying something on the SL Marketplace. someone from England cracked the authentication this week. i saw indications of this activity myself. the person who did it stole money and accounts. the same goes for secondlife.com, the main site. LL isn't talking. i'll be in contact with a tech til this is over."

 

---

[HarleiQuinn]

my passwords use various symbols, letters (upper /lower case) and numbers ,neither my email PW and SL account password are the same. I even made a seperate email account just for my SL account. Nnever used a public computer to acess either.

Having checked my account as well as transaction history there is nothing that shows 140.00 in Linden transactions debited to my credit card YET the bank says there are as it put my account in overcharges which they called to notify me about.All my transactions on MP were done with Lindens I had in my account made by hosting etc, and the only time I used my card was once this past month for only 10.00 for lindens I did to buy a house on MP.

[Qie Niangao]

Actually, this status log is quite a mess. Let's see if we can make any sense of it:

Billing Maintenance

Posted by Status Desk on October 24th, 2013 at 09:08 am PDT

[postED 9:05 PM PDT, 24 October 2013] We are performing maintenance on our billing engine. During this time our billing services including LindeX may not be available. Please continue to check this blog for updates.

[RESOLVED] Scheduled Billing Maintenance

Posted by Status Desk on October 22nd, 2013 at 03:28 pm PDT

[9:05 AM PDT, 24 October 2013] The scheduled billing maintenance is now complete.

[postED 3:25 PM PDT, 22 October 2013] We will be performing scheduled maintenance on our billing engine Wednesday, October 23, 2013 beginning at 9:00 AM PDT. During this time our billing services including LindeX and Marketplace, will not be available. Please continue to check this blog for updates.

So do we think these are really two separate incidents? And the one that was "POSTED 3:24 PM" on the 22nd says the fun was scheduled to start at 9:00 AM on Wednesday the 23rd, but it's claimed to be complete at 9:05 AM today, Thursday the 24th, so that would be a twenty four hour and five minute maintenance window.

But then we have another separate entry about Billing Maintenance supposedly "POSTED 9:05 PM PDT" today -- a time which is in the future as I write this.

So I have no idea what about Billing was "maintained" when, and how "scheduled" that maintenance really was.

[KarenMichelle Lane]

---

Qie Niangao wrote:

So do we think these are really two separate incidents? And the one that was "POSTED 3:24 PM" on the 22nd says the fun was scheduled to start at 9:00 AM on Wednesday the 23rd, but it's claimed to be complete at 9:05 AM today, Thursday the 24th, so that would be a twenty four hour and five minute maintenance window.

But then we have another separate entry about Billing Maintenance supposedly "POSTED 9:05 PM PDT" today -- a time which is in the future as I write this.

So I have no idea what about Billing was "maintained" when, and how "scheduled" that maintenance really was.

---

Having been a maintenance watcher for ages here in SL, I'm thinking they skipped the maintenance activity on Wednesday to today, Thursday and like usual, failed to update the GRID status correctly. Scheduled maintenance is scheduled maintenance. A critical issue would have been noted at a unscheduled maintenance activity.

I was performing billing related transaction [MP & one Linden purchase] yesterday so the planned maintenance activity certainly didn't bring down the ability to bill my payment methods.

 

[KarenMichelle Lane]

---

HarleiQuinn wrote:

my passwords use various symbols, letters (upper /lower case) and numbers ,neither my email PW and SL account password are the same. I even made a separate email account just for my SL account. Never used a public computer to access either.

Having checked my account as well as transaction history there is nothing that shows 140.00 in Linden transactions debited to my credit card YET the bank says there are as it put my account in overcharges which they called to notify me about. All my transactions on MP were done with Lindens I had in my account made by hosting etc, and the only time I used my card was once this past month for only 10.00 for lindens I did to buy a house on MP.

---

This sounds like you were indeed phished in the real world. It sounds like your billing method was billed outside of your particular Avatar account.. The lack of the corresponding account Transaction History or MarketPlace Order History on your account suggests strongly that some other Avatar Account is now using your payment method. That is why you see transactions from Linden Research in your banking records.

What's unusual that if this was a RL Identity Theft, why would a thief bother with a SL MP Purchases?

Could this be a misdirected MP Purchase from another SL account that ended up using your payment details by mistake? Unlikely since you also received the heckling message as well..

In any case - IMHO - You need to treat this as a Identity Theft and cancel your payment Method & CC  and ask for a new CC ASAP.

Also please let us know what LL finds out as well.

 

 

[Dillon Levenque]

---

KarenMichelle Lane wrote:

I was performing billing related transaction [MP & one Linden purchase] yesterday so the planned maintenance activity certainly didn't bring down the ability to bill my payment methods.

 

---

 

I would have been better off if maintenance HAD been going on since Wednesday morning. On the other hand, those B** boots I bought last night really are sensational.

[Qie Niangao]

---

HarleiQuinn wrote:

I asked them for a complate record of every transaction on my account that pertained to buying lindens with my credit card listed on my account. I know for a FACT that I have only used it once in the past month to buy 10 US dollars worth of Lindens though they say its 140.00 and that I was buying gifts for people on the MP . I,m Still waiting for the information which they said I would recieve yesterday.I,m contacting my bank to do charge backs on the transactions. And I took of my credit card info from my account and downgraded it to a free one from Premium.

---

Wait. Who's the "they" and "them" in this? Linden Billing? or your credit card company?

If it's Lindens, they surely know which account(s) billed US$140.00 against your credit card, and if it's just your one, single account, then I'm not so sure that your credit card information has been compromised, so much as maybe just your SL account.

But there's something else confusing:  If "they" are saying you were "buying gifts for people on the MP" and "they" are Lindens... I mean, they'd know that the gifts were bought, which account bought them (yours, presumably) and to whom the gifts were sent, but how could that not show on your account's Marketplace history? And why wouldn't the gift recipients be under suspicion?

[KarenMichelle Lane]

---

Qie Niangao wrote:

---

HarleiQuinn wrote:

I asked them for a complete record of every transaction on my account that pertained to buying lindens with my credit card listed on my account. I know for a FACT that I have only used it once in the past month to buy 10 US dollars worth of Lindens though they say its 140.00 and that I was buying gifts for people on the MP . I,m Still waiting for the information which they said I would receive yesterday. I'm contacting my bank to do charge backs on the transactions. And I took of my credit card info from my account and downgraded it to a free one from Premium.

---

Wait. Who's the "they" and "them" in this? Linden Billing? or your credit card company?

If it's Lindens, they surely know which account(s) billed US$140.00 against your credit card, and if it's just your one, single account, then I'm not so sure that your credit card information has been compromised, so much as maybe just your SL account.

But there's something else confusing:  If "they" are saying you were "buying gifts for people on the MP" and "they" are Lindens... I mean, they'd know that the gifts were bought, which account bought them (yours, presumably) and to whom the gifts were sent, but how could that not show on your account's Marketplace history? And why wouldn't the gift recipients be under suspicion?

---

Exactly

Qie - I was guessing that HarleiQuinn had been billed up to $ 140.00 USD across multiple MP purchases but I may be wrong. To be sure having no History shows her payment method is being used elsewhere on another account or that  the history recording functions are not working for her account.

If either of the above is true then this is an individual account issue that LL needs to straighten out.

[KarenMichelle Lane]

---

Ohhnoes wrote:

---

---

....grabs some popcorn from Ohhnoes' bag...Nom nom

[HarleiQuinn]

L L found the REASON for the transactions and payments charged back. All I.m gonna say.You can do the math. Lol

[KarenMichelle Lane]

---

HarleiQuinn wrote:

L L found the REASON for the transactions and payments charged back. All I.m gonna say.You can do the math. Lol

---

Are you planning on sharing the information about what happened with us?

 

[HarleiQuinn]

Billing issue

[KarenMichelle Lane]

---

HarleiQuinn wrote:

Billing issue

---

Thank you HarleiQuinn.

OKies so what happened exactly? The reason I ask is because those following this thread may want to know if this was/is a widespread issue or only a single account issue.

[  ]  Linden Lab erroneously billed your account?

[  ]  The Marketplace fulfillment process billed your account incorrectly?

Did linden Lab share with you any other details? Was this just a single issue affecting only your account?

[Perrie Juran]

 

---

KarenMichelle Lane wrote:

---

HarleiQuinn wrote:

Billing issue

---

Thank you HarleiQuinn.

OKies so what happened exactly? The reason I ask is because those following this thread may want to know if this was/is a widespread issue or only a single account issue.

[  ]  Linden Lab erroneously billed your account?

[  ]  The Marketplace fulfillment process billed your account incorrectly?

Did linden Lab share with you any other details? Was this just a single issue affecting only your account?

---

Can I play too?

  [  ]  A System error.  Yes they do happen.  As a RL retailer I have seen this twice.

  [  ]  When checking out OP didn't have enough $L in their account and didn't realise the charges were being converted to $US.  (I temporarily emptied my $L dollar balance to see what happens)

[Dillon Levenque]

Whoa, whoa, whoa. Billing issue? Really? That's your response? You started off this thread asking about MP being HACKED and said this:

"heres the message I recieved

'avoid logging in or buying something on the SL Marketplace. someone from England cracked the authentication this week. i saw indications of this activity myself. the person who did it stole money and accounts. the same goes for secondlife.com, the main site. LL isn't talking. i'll be in contact with a tech til this is over.' ",

And now you think you can just duck out with 'billing issue'?  What about that authentication cracking warning, then? Where'd that come from? Come clean.