Privacy Breach Affects 650,000 Users of ‘Second Life’ Game

by Playfuls Staff | 11th September 2006

“Second Life” is one of the most popular video games today, gathering hundreds of thousands of players on its servers in search of a… better virtual life. But virtually better doesn’t mean safer in real life.

According to the official “Second Life” blog, a security breach was discovered on September 6 that affected more than 650,000 accounts. Personal and private data was apparently lost, and registered users urgently need to update their passwords:

“On September 6 we discovered evidence that an intruder was able to access the Second Life database through the web servers. The exploit was shut down on the afternoon of September 6 when we discovered it.

Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.

No unencrypted credit card information is stored on the database in question. Unencrypted credit card information has not been compromised.

As a precaution we have invalidated all Second Life account passwords. In order to log-in to Second Life you will have to create a new password. Please access the log-in page at https://secondlife.com/password, and click on the “Forgot Password” link. An email will be sent to the email address you have registered with us. (Don’t forget to check your spam filter!) Please click through the link in that email, answer the security question, and create a new password.

Passwords cannot be changed over the phone at this time. Phone support for password issues will be available starting Monday, September 11.”

“We’re taking a very conservative approach and assuming passwords were compromised and therefore we’re requiring users to change their Second Life passwords immediately,” said Cory Ondrejka, CTO of Linden Lab. “While we realize this is an inconvenience for residents, we believe it’s the safest course of action. We place the highest priority on protecting customer data and will continue to take aggressive measures to protect the privacy and security of the community.”

As a consequence of the hacking, Linden Lab has invalidated all passwords previously chosen by its subscribers and has established an emergency phone line for those prompted to change their personal information.

"While we realize this is an inconvenience for residents, we believe it's the safest course of action," Cory Ondrejka, the chief technology officer of Linden Lab, said in the message to "Second Life" customers released late on Friday.

"Due to the nature of the attack, the company cannot determine which individual data were exposed," Linden Lab's statement said. A technical probe is ongoing, it said.

Second Life is one of many massive multiplayer online games ("MMOGs") where players can create new identities, build online businesses, and engage in all manner of interesting behaviors, some of which the players might want kept private.

Privacy breaches like the one in “Second Life” are unfortunately growing in scale and becoming more frequent. Just last month, AOL fired at least three of its employees for a huge and potentially dangerous (for the company) mistake: the release of private information about 658,000 of its customers, which almost totally compromised their privacy.

The data covered the searches made by 658,000 AOL members between March and May 2006. Apparently, an AOL staff member posted millions of search terms used during the three-month period on the Internet without authorization, though with a positive purpose: he was trying to give the research community a way to build better search tools by studying the patterns in the AOL clients' data.