Linden Lab’s security and customer support are probably the worst I have seen in my ~20 years online. Today I was messaged by a hacked Linden account, Tia Linden (who I thought was laid off in 2010 during the big purge, but I guess not). No joke, the last time I saw that happen was 2008, and it was just a hacked name, no actual Linden account. I know who it was; this kind of thing happens often, but this is the first time it affected a LL employee. Tia Linden is now gone from search, apparently. As usual, the only thing LL has to say about this is canned standard responses from “Scouts”; in fact, that is all people get from LL these days.

I wonder if the person tricked the geniuses at LL support into resetting the password by providing basic RL info, as is being done to countless other accounts, without LL doing much about it. It happens every day and happened to dozens of people I know. It’s trivial to do, apparently even if you ask LL to add a second password question or PIN as an additional layer of security (which they only grant if you are a premium account, lol), because the people who work in support just don’t know about it / are new / etc. So basically *any* SL account is fair game. Usually people who compromise accounts delete inventory irreversibly and send any $L in the account to other people. Often it is creators or land owner accounts in good standing with a lot of money in them; you can send that money to other people in large quantities in order to trigger the automated fraud detection system and get them banned too, at least temporarily. Great, right? Would be hilarious, but that’s probably not what happened; I think he must have brute-forced the account or got access to her emails through other means.

What’s more important, though, is whether whoever hacked this Linden account had access to the CSR database and other stuff too. What else is there? People’s real-life names registered on the accounts, billing info, chat & IM logs, etc. LL keeps a lot of detailed info on residents, including PINs on how to reset their account passwords :^) If someone can hack a Linden account this easily, I think many people won’t feel comfortable about being premium members any more. I’m not concerned about my real-life info; people know my name and other info already due to similar shit, and now silly SL stuff pops up if you google my real name. But when it comes to banking info, that’s where the fun stops. Or my 120k items inventory, or my regions which have been a lot of work, my other accounts I pay premium for, the list goes on. Considering I’ve made LL like 200k$ US in tier alone over the past years, you’d think I deserve a higher level of security, right?

I love SL and many of the people working at Linden, but these issues put everything in question. A clarification would be nice, but I am not holding my breath. You can only hope Linden Lab is using different security measures for their CSR stuff, but knowing LL... they don’t. Considering the Linden account must have been brute-forced, she must have had a very simple password and is probably using the same passwd for everything. We will probably never find out because Linden transparency.

ETA: Someone told me Osiris logins are probably just tia.linden and the password, but they are pretty sure it is all hooked up to LDAP. God mode is based on the MAC address and HDD serials registered in the database, and probably can be activated onto a logged-in instance through Osiris.