All users of the online 3D virtual community Second Life were forced to reset their passwords after someone broke into the company's database of user information.
Second Life Cracked In Real Life
"Your World. Your Imagination." reads the motto of Second Life, the online community developed by Linden Lab.
That world received a lesson in reality a few days ago: no matter how cool or useful something is, someone will try to break into it for personally identifiable information.
Linden Lab posted an urgent security announcement to its blog on Friday about the September 6th breach:
Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.
No unencrypted credit card information is stored on the database in question. Unencrypted credit card information has not been compromised.
The safety of the encrypted payment information will depend on the quality of the encryption.
Breaking encryption has been going on ever since the first efforts at encryption were ever attempted. It seems likely that prudent users of Second Life will be calling their credit card issuers about the issue.
Robin Linden's blog post about the breach stated, "we discovered evidence that an intruder was able to access the Second Life database through the web servers."
While details of the breach have not been published, such access as described frequently happens when attackers utilize a SQL injection attack.
Second Life has a number of noteworthy online personalities who participate in the virtual community.
Former Microsoft blogger Robert Scoble, Boing Boing blogger and sci-fi author Cory Doctorow, and EFF founder Mitch Kapor have all spent some time at Second Life according to various blog posts and stories.
iEntry 10th Anniversary
RSS
Archive
Del.icio.us
Digg
Yahoo! My Web
Furl
