1. Frightening thought.. I'm bothered that they knew for days and didn't tell us, and becuase the security breach existed long before it was exploited, but now we shall play the waiting game and see if any enemies show up at our front doors! *peeks out the window*
Gonna have to change my password to ILoveAimeeMost or something.

Posted at 2:59PM on Sep 8th 2006 by Mistress Midnight Fairuza

2. Great. Now I have to change mine to ILoveAimeeMostestInfinityPlusOne.

Posted at 3:12PM on Sep 8th 2006 by Akela Talamasca

3. lovely.

Posted at 3:42PM on Sep 8th 2006 by ingrid ingersoll

4. It's tough to know quite how to respond to this.

Linden Labs, like any company retaining customer information, has a responsibility to take reasonable efforts to protect that data. The practical/techy side of me knows that "reasonable" does not mean "infinite", or even "extraordinary". Basically, no matter how much effort is put into protecting the data, the numbers are always against you. There are hundreds of thousands of people trying to break in, ranging from brainless script kiddies to highly skilled and well-funded techno-terrorists.

The irrational/emotional side of me says "ARGGH! Linden screwed up! This should never ever happen!"

Fortunately, I am not famous for anything I do or say in SL, and my real life (although private) wouldn't be damaged by a leak of information about my account. So long as my credit card is secure I am probably just fine.

"Famous" folks like Aimee, Mistress Midnight, and yes, even Prokofy...and people who have RL reasons to keep their information secure...please take precautions such as you can.

Posted at 4:24PM on Sep 8th 2006 by Tomas Hausdorff

5. Glad I'm aimee weeblers Alt, noone messes with her. But seriously it does give pause. I know first hand how much of a pain a cyber stalker can be. It drive me out of everquest. Perhaps I should be thankful, in the long run, but it was expensive and scary.

Posted at 7:21PM on Sep 8th 2006 by Jake Reitveld

6. Having been involved with web application security, I believe that the most likely scenario was the intruder only discovering that they could access customer information. Of course, I am not a Linden Lab employee nor do I have any knowledge about the incident.

One thing I am certain of, though, is that there have been extensive discussions concerning the fact that although Linden Lab may not be legally liable for damages if the doomsday scenario Aimee describes actually happened, the marketing and PR damage could be fatal.

Posted at 9:52PM on Sep 8th 2006 by Alan

7. When I started my account, I wasn't in a very good space paranoia-wise, and as such, basically every part of my account is a lie. Don't tell the Lindens.

Still, for those people out there for whom privacy is critical, I'm worried about the impact this could have. How much did they get? Do the exploiters really care? Did they even retain the data? What will be the response? I guess we'll find out.

Posted at 1:03AM on Sep 9th 2006 by Catherine Omega

8. The human factor is always worse than mechanical breakdowns or hacks. Long before this exploit and hack my RL identity was matched to my SL name without my consent or participation, and put on the SL forums and other third-party sites. I've been harassed intensively for a year, stalked, given death threats, and had my RL picture cut and and put into particles and blown all over sims within SL and all kinds of horrendous griefing. I don't think I've ever seen a higher concentration of anonymous griefing fucktards in my life than in SL. ]

LL needs to do a lot more to publish these offenders and put their avatar names on the police blotter, along with the names of those who report on them and the Lindens who prosecute the cases -- just like RL.

Posted at 2:43AM on Sep 9th 2006 by Prokofy Neva

9. Did you know that most people use the same password over and over again? So yes, having a list of all password might result in having access to paypal accounts, ebay, and maybe even bank accounts. I'm glad I've had a different password for Second Life BUT think about all those that didn't...

Posted at 12:05PM on Sep 9th 2006 by Johan

10. That is a good point Johan.

I actually use a cool trick introduced to me by FlipperPa where I use some simple rules on the domain name to switch letters around a bit and combine the result with a root password. In the end my password appears random, is different for each domain I visit, and is easy to figure out whenever I need it.

Posted at 12:08PM on Sep 9th 2006 by Aimee Weber

11. "I actually use a cool trick introduced to me by FlipperPa where I use some simple rules on the domain name to switch letters around a bit and combine the result with a root password. In the end my password appears random, is different for each domain I visit, and is easy to figure out whenever I need it."
Hey i do this too, and can recommend it to everyone. After a while I even started to use several different roots. It really is nice knowing you can easily change passwords without to much hassle or worry that you might forget it.

Posted at 10:39AM on Sep 12th 2006 by Frans Charming

12. Spare a thought for those of us who haven't touched SL in ages, and can't remember our user names!

Or might have dropped out ages ago and have absolutely no idea this has occurred!

I only found out from the news.google.com website, and I only looked at that because I was looking for info on something totally unrelated!!!

Not very happy!

Posted at 7:15PM on Sep 12th 2006 by AngryMan