Clickable Culture   Official Research Blog of Phantom Compass
  ‘Second Life’ Security Breached:  User Data at Risk  
 
 
Posted 2006-09-11 by Tony Walsh
 
 
     
 
On September 6, 2006, a database containing customer information of over 600,000 Second Life virtual world users was breached. While the breach was reportedly repaired promptly by Second Life maker Linden Lab, the company did not inform customers of the incident until September 8, 2006. Linden Lab sent a detailed email to all users explaining that customer data was potentially exposed, including "unencrypted names and addresses, and the encrypted passwords and encrypted payment information of all Second Life users. Unencrypted credit card information, which is stored on a separate database, was not compromised." The encryption was described as "difficult to defeat" but not unbreakable.

This isn't the first of Second Life's security problems, but it's sure to be the most serious. The virtual world, as with most services relying on the internet, has been subjected to denial of service attacks [1,2,3,4,5], socially-engineered attacks [1,2,3], and exploits of various kinds [1]. Linden Lab has promised repeatedly to turn over offenders to the authorities (such as the FBI) [1,2,3], but I've never heard of anyone charged.

Last month I compared a massive breach of AOL customer privacy to a related Second Life issue pertaining to obfuscated public data being posted in plain sight. I think it's safe to say that this recent security gaffe is much more comparable. While it's great that Linden Lab investigated the breach, the breach never should have happened in the first place--particularly for a virtual world continually positioned as the next-generation web and Business Platform 2.0.

Earlier reports were filed by TechCrunch's Marshall Kirkpatrick, 3pointD's Mark Wallace, Steven Davis of PlayNoEvil, and csven of reBang.
 
     
 
   
 
  1 Comment
 
   
 
Comment posted by Brace
September 14, 2006 @ 7:33 am
     
 
"While it's great that Linden Lab investigated the breach, the breach never should have happened in the first place--particularly for a virtual world continually positioned as the next-generation web and Business Platform 2.0."

Yep
 
     
 
     
   
 
 
     
 
     
Copyright (c)1999-2007 in whole or in part Tony Walsh.
