SecondLife user-database hacked!

Posted on | September 9, 2006 | No Comments

everyone even slightly interested in MMOG SecondLife, probably already heard yesterdays bad news: an official security announcement on Linden Labs (creators of SL) reported a hack of SL’s database earlier this week. Linden Labs admits that user-data (account-names, reallife-names and contact-information) was compromised, which is why all residents are required to re-new their passwords in order to reactive their currently inactive accounts. LL claims that creditcard- and payment-information has not been disclosed, as these are stored seperately. clearly, this is a major bummer. as TechCrunch notes, SL-chatlogs and behavioral data (and yes, that includes tons of sexual actions performed!) publicly available in large scale, would even make AOL’s recent privacy-waterloo look like peanuts.

LindenLabs will not only have to tighten their security (please!), but also have to deal with an accusation silently vocalized by some commenters: apparently there was a span of 2 days between the actual hack and LL’s official announcement. this stinks like a company at least considering to sweep something under the rug, therefor demanding further clarification. given Philip Rosedales (CEO of LL) openness towards the community in the past, I’m confident that he’ll handle the situation with all the care appropriate. if anything, this issue re-emphasizes the importance of an open(source), standards-based and decentralized virtual world. just imagine the WWW was built on top of a single centralized user-databases storing all your online activity… sounds weird, right? so than why do it in Web-3D…

update: there’s a – rather pissed – post at Second Life Herald, which I’ld like to recommend reading. other sources suggest, that encrypted creditcard-info might have leaked as well

 

Comments