Hacked? Email from Highfildelty?


---------- Original Message ----------
From: Philip Rosedale support@highfidelity.io
Date: January 26, 2017 at 4:23 PM
Subject: Important information about your High Fidelity account

High Fidelity: Important Notification

View this email in your browser


Recently, we determined that a High Fidelity staff email account was compromised. Based on an audit of our logs, it appears that the account was accessed by an unauthorized user in late December and again in early January.

I’m contacting you today because this compromise may have exposed your email address and High Fidelity account username.

Your password was not decodable from this information, and no payment or credit card information or history was accessed.

We internally use a 3rd party analytics package. The compromised email account had access to this tool. The tool integrates with a copy of a database to allow us to track total hours of use, crash rates, and so on for users that opt to share that information. Due to an oversight, the copy of the data that we use for analytics also included these emails and High Fidelity account names. We were able to confirm that the compromised account was able to access this user information through the analytics package.

This information also included salted and hashed passwords. Salting and hashing creates an unreadable string based on your password. Salted and hashed passwords cannot be used to access your High Fidelity account, and we have had no reports of High Fidelity accounts being accessed without authorization.

However, it is the case that we have failed to hold in trust personal information you gave us when you signed up for High Fidelity. I want to personally apologize for this failure.

In terms of what happens next:•We are currently reviewing the security of all of our systems and adding additional security such as two-factor authentication to all our internal email accounts.
•As a precautionary measure, you might consider reviewing your email activity and particularly any emails you have received from High Fidelity. Please notify us if you see anything suspicious.
•We very much hope you will continue using High Fidelity. However, if you wish to have your account deleted, please email requests@highfidelity.io using the email address registered to the High Fidelity account you wish to delete to initiate this process.
•Please feel free to contact us at support@highfidelity.io with other questions about this matter.
Looking forward, this is an opportunity to touch on how important we think identity and the security of your identity will be in virtual worlds. In our alpha and beta stages we have taken the approach of storing user information in a traditional database. But, as this breach demonstrates, this is not a perfect solution, no matter how carefully designed and managed. It is our belief that as High Fidelity becomes widely used as a platform, we must design and implement identity systems which are decentralized, under the control of you (not us), and ideally impossible to breach through any single point of attack.

See you in-world,

Philip Rosedale
CEO, High Fidelity

High Fidelity | highfidelity.com

You are receiving this email because you signed up for a High Fidelity Account.

Our mailing address is:

High Fidelity

1065 Folsom Street
San Francisco, CA 94103
Add us to your address book

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this l

I received this email today and would like to know its legitimacy. Anyone else get this?

split this topic #2

2 posts were merged into an existing topic: Important information about your High Fidelity account

closed #3