The user account page gives a user’s SL account name, L$ balance, a small portion of their activity on the Marketplace activity, their wish lists, received gifts list, and the obfuscated version of their e-mail address (e.g. i****@g****.com, designed to provide the user with enough information to identify their own e-mail address without revealing it to others).
Multiple bug reports on the issue were raised with Linden Lab, and at least one forum thread was raised on the subject, with some pointing to the Marketplace maintenance that was in progress as a possible cause – and they were right, as the Lab’s Second Life Operations Manager has revealed in a blog post (Report on the Recent Marketplace Issue), that reads in part:
We’ve been working to make the Second Life Marketplace more robust and handle higher numbers of page views at once. Due to a change made this morning, the user account page got cached when we didn’t mean for it to be. Once we realised what had happened, we rolled back the changes immediately and deleted all of our caches. No other parts of Second Life were impacted.
Our engineering teams are now working with our QA (quality assurance) team to make sure we develop better testing for this in the future. We want to make sure we catch something like this long before it makes it out into the hands of Residents.
We’d like to extend a really big thank you to everyone who reported the issue to us the moment they saw it! Because of your vigilance we were able to react really quickly and limit the time that this misconfiguration was live. (Seriously, y’all rock! 💜)
We’re sorry this issue happened this morning. We’re working to make sure it never happens again, and developing better test procedures for use in the future.
While the error was unfortunate, and might have been a little discomforting for some who encountered it, the Lab estimates that no more than 500 users visited the account page during the time the issue could occur, and not all of them were given the wrong page to view.
Where the issue did occur, April notes that it did so at random, and randomly selected the incorrect page to be displayed, so it was impossible for a user to “pick” another user’s information and intentionally view it. She also notes that it was not possible to either make purchases via an incorrect account page, or to make any changes to the page.
As always, details in full in April’s blog post – and many thanks to her again for providing an explanation of the issue and what is being done to hopefully avoid future repetitions.