*SAN FRANCISCO, CA. (September 8, 2006)* – Linden Lab reported todaythat it is notifying its community of a database breach, whichpotentially exposed customer data including the unencrypted names andaddresses, and the encrypted passwords and encrypted paymentinformation of all Second Life users. Unencrypted credit cardinformation, which is stored on a separate database, was notcompromised.
The breach was discovered on September 6, 2006 and promptly repaired.The company then launched a detailed investigation that revealed anintruder was able to access the Second Life databases utilizing a”Zero-Day Exploit” through third-party software utilized on SecondLife servers. Due to the nature of the attack, the company cannotdetermine which individual data were exposed. The company’s technicalinvestigation is ongoing.
“We’re taking a very conservative approach and assuming passwords werecompromised and therefore we’re requiring users to change their SecondLife passwords immediately,” said Cory Ondrejka, CTO of Linden Lab.”While we realize this is an inconvenience for residents, we believeit’s the safest course of action. We place the highest priority onprotecting customer data and will continue to take aggressive measuresto protect the privacy and security of the community.”
Linden Lab advises all users to take appropriate precautions againstmisuse of personal information. To reduce the risk of fraud, LindenLab will not contact individuals by phone or any other method askingfor private information unless it is in response to an inquiry fromthe individual user.
4 Responses to “Second Compromised Life”
Leave a Reply
You must be logged in to post a comment.