The issue was solved. Almost. One problem seem to be that the IMVU-team missed the natural way of evading such fixes. With a small change in a script that makes it possible to hijack accounts, the issue is still reachable by whoever that finds out the way to do this. Allowing users to enter their own html-code at any website will always open doors to new hacking threats. The best solution against such things is to really consider disabling this completely (or disable javascripting in the webbrowser). But then, IMVU will probably not be as ”fun” as the users there thinks it is now…
There are also two threads at the IMVU-forum that might be interesting, to refer to, regarding this subject.
The first thread is probably the first signs of where people started to discover that something was wrong.
The second thread is where IMVU disabled scripting, and where they was supposed to fix this issue.