The Oaks Ignore Their Pleas

Second Life Security Breach

Posted in Second Life by Jeff Graves on September 9, 2006

Ugh…I’ve heard a number of people say “it was bound to happen sooner or later”, but that doesn’t make it any easier to hear or deal with.  If you’re a resident of SL, unless you haven’t attempted to go in-world today, you probably already know that earlier today, Linden Labs announced that a database containing user information, including passwords, has possibly been compromised.  Full text follows:

 On September 6 we discovered evidence that an intruder was able to access the Second Life database through the web servers. The exploit was shut down on the afternoon of September 6 when we discovered it.

Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.

No unencrypted credit card information is stored on the database in question. Unencrypted credit card information has not been compromised.

As a precaution we have invalidated all Second Life account passwords. In order to log-in to Second Life you will have to create a new password. Please access the log-in page at, and click on the “Forgot Password” link. An email will be sent to the email address you have registered with us. (Don’t forget to check your spam filter!) Please click through the link in that email, answer the security question, and create a new password.

Passwords cannot be changed over the phone at this time. Phone support for password issues will be available starting Monday, September 11.

Now, bear in mind that there’s no hard evidence that says that account names and contact information were compromised, only that there is a possibility they were.  However, it does appear certain that at least some information was compromised.

Aimee Weber comments on the Second Life Insider blog that the potential exposure of real-world names affiliated with particular avatars may have implications beyond mere inconvenience.  She raises the uncomfortable possibility of SL stalkers taking their hunt to the real world.   For now, though, I agree with her that until there’s hard evidence that harmful data has been compromised, we should all remain calm.  It’s not going to be particularly comfortable waiting, though…




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: