Recently, we have gotten some reports of Second Life accounts getting taken over and their Lindens and /or Bloodlines assets transferred to other accounts. Many refer to this as their account getting “hacked”, but it is more likely that they are getting phished, brute-forced, or their passwords simply guessed. Accounts are not getting compromised “through” Bloodlines or because of Bloodlines. There is absolutely no way that someone could gain access to your Second Life account through your Bloodlines account. The Bloodlines system does not interact with your Second Life authentication in any way.
Regardless, there are a few easy, simple things you can do to make sure this never happens to you. Keep in mind that we are not talking about your slbloodlines.com account here, or your account on this blog, we are talking about the authentication you use to log into the Second Life viewer.
- Make sure your password is strong, and is not anything remotely related to your name, or any word, or anything that remotely makes sense. Make sure it is long, includes numbers, symbols, and both capital and lowercase letters. If your name is Wilson, “wilson” is a bad password. So is “w1ls0n5”. Your password should look something like this: “FSm%9G*NxrZM#C”. Yes, it’s inconvenient to have a password like this, but so is getting all of your stuff stolen.
- Never give your password to anyone.
- Really, never ever give your password to anyone, for any reason. I mean it.
- NO, not even your girlfriend, boyfriend, wife, mother, son, or siamese twin. Nobody. Never, never, NEVER give your password to anyone!!!
- Ok, now that that’s out of the way: DON’T CLICK ON LINKS POSTED IN GROUPS OR IN ANY CHAT ANYWHERE IN SECOND LIFE! Once again, if someone posts a link to something in Second Life: DO NOT CLICK ON IT!!! This is how you get phished, someone will post a link to a “marketplace” listing that you think goes to marketplace.secondlife.com, but it really goes to marketplace.secondlife.phishingsite.com, which looks just like the sl marketplace, and is designed to capture your login and password (once you type it in), so then they can log in as you and steal all of your stuff. In this example: marketplace.secondlife.phishingsite.com, “phishingsite.com” is the domain you’re going to, and marketplace.secondlife has been set up as a subdomain there. Anyone who owns a domain can set up any subdomain they like on it. Make sure you look at the domain right before the “.com” to see what the real domain is that you’re visiting.
- Don’t type your password into anything except a trusted Second Life viewer, or into the website secondlife.com, after you have manually typed secondlife.com into your browser window, and made sure that the last thing before the first “/” in the URL is “secondlife.com”, and not “secondlife.somethingsomething.com”. A good practice is to never type your SL password into anything unless you manually typed the URL into your browser.
- Don’t worry so much about people getting your public IP address. This tells them very little, and everything you do on the internet exposes your public IP address in some way. This is not how they are getting you. They are getting you because you are doing something like:
- Having an insecure password that is easy to guess.
- Giving your password to someone.
- Clicking on links in chat groups.
- Typing your password into sites that you clicked on from chat groups.
On top of that, if someone comes to you saying they are “quitting Second Life” and want to sell you all of their souls and containers, it is likely to be a scam. If someone tells you this, and you buy all of their stuff, and then we find out later that the account had been taken over by someone else, we are going to return everything that you bought from them. If someone is offering a large dump of resources like this, it is a good idea to contact their liege and confirm it with them, or someone else in their clan who knows them. Something else you can do is give them a waiting period, tell them you will buy it in 3 days if everything is still for sale, and report it to Lyle Maeterlinck, and we can check on it. If the person is truly quitting Bloodlines or Second Life, then they shouldn’t mind if we lock their Bloodlines account for 3 days to make sure that the real account owner doesn’t come back. If you’re really quitting Bloodlines or Second Life and want to sell all of your stuff, contact Lyle Maeterlinck first, and I can lock your account for a waiting period to make sure the real account owner doesn’t come back.
If someone asks you to transfer money outside of second life through Paypal or a bank transfer or any other way, it is almost definitely a scam. Don’t do this.
Given all of this, we can never guarantee or be held responsible for third-party transactions. If you are buying containers directly from us, we absolutely guarantee them, but if you are buying souls or containers from anyone else, there is a risk involved. Be careful, take things slowly, and use good judgment. Feel free to contact me directly in Second Life (Lyle Maeterlinck), or comment on this post if you have questions.