The firm behind virtual world Second Life has warned its
660,000 members about a serious security breach which has seen
hackers able to access their personal details.
Linden Lab has notified it members of a database breach “which
potentially exposed customer data, including unencrypted names and
addresses, and the encrypted passwords and encrypted payment
information of all Second Life users”.
Unencrypted credit card information, which is stored on a
separate database, was not compromised, said Linden.
Second Life allows users to lead a virtual 3D second life on
their PC by interacting with other members, and to carry out
pursuits they wouldn’t normally expect to take on in their real
lives.
Cory Ondrejka, chief technical officer of Linden Lab, said,
“We’re taking a very conservative approach and assuming passwords
were compromised, and therefore we're requiring users to change
their Second Life passwords immediately.”
The breach was discovered last week, and “promptly repaired”,
said Linden.
The company launched an investigation into the breach which
revealed an intruder was able to access the Second Life databases
using a “zero-day exploit” through third-party software used on
Second Life servers.
A zero-day exploit is one not patched against by software
providers. “Due to the nature of the attack, the company cannot
determine which individual data was exposed,” said Linden.
Vote for your IT greats
Who have been the most influential people in IT in the past 40
years? The greatest organisations? The best hardware and software
technologies? As part of Computer Weekly’s 40th anniversary
celebrations, we are asking our readers who and what has really
made a difference?
Vote now at:
www.computerweekly.com/ITgreats