660,000 Second Life users hit by security breach

The firm behind virtual world Second Life has warned its 660,000 members about a serious security breach which has seen hackers able to access their personal details.

Linden Lab has notified it members of a database breach “which potentially exposed customer data, including unencrypted names and addresses, and the encrypted passwords and encrypted payment information of all Second Life users”.

Unencrypted credit card information, which is stored on a separate database, was not compromised, said Linden.

Second Life allows users to lead a virtual 3D second life on their PC by interacting with other members, and to carry out pursuits they wouldn’t normally expect to take on in their real lives.

Cory Ondrejka, chief technical officer of Linden Lab, said, “We’re taking a very conservative approach and assuming passwords were compromised, and therefore we're requiring users to change their Second Life passwords immediately.”

The breach was discovered last week, and “promptly repaired”, said Linden.

The company launched an investigation into the breach which revealed an intruder was able to access the Second Life databases using a “zero-day exploit” through third-party software used on Second Life servers.

A zero-day exploit is one not patched against by software providers. “Due to the nature of the attack, the company cannot determine which individual data was exposed,” said Linden.

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest  organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats