When there’s hundreds of thousands of real dollars pinging around in a virtual world like Second Life (US $324,649 in the last 24 hours at the time of writing) it’s only a matter of time before criminals take an interest.
Second Life has issued an urgent security warning to all of its users via email and its blog:
On September 6 we discovered evidence that an intruder was able to access the Second Life database through the web servers. The exploit was shut down on the afternoon of September 6 when we discovered it.
Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.
As a result they suspended all members and asked people to go and refresh their passwords.
Doubtless more details and analysis of the type of attack and the kind of information that was compromised will be forthcoming from bloggers more technically able than I. Even as a layman it seems a dramatic step to have to take.
Leave a Reply
You must be logged in to post a comment.