Second Life Site Reports Security Breach
Posted on: Monday, 11 September 2006, 18:00 CDT
By RACHEL KONRAD
SAN FRANCISCO - Second Life, a three-dimensional virtual world for entrepreneurs, is asking its 660,000 members to change passwords after a security breach may have exposed users' confidential data, including credit card numbers and passwords.
Executives at the privately held company said Monday they contacted the FBI and are trying to determine whether the hacker was already a member of the popular multiplayer game.
The company has determined that a hacker - not a robot or automated software program - accessed at least one Web server for up to several hours. It's unclear whether the attacker stole data, sold data or engaged in identity theft or other fraud, said Philip Rosedale, CEO and founder of San Francisco-based Linden Lab, which operates Second Life.
No users have reported fraudulent charges or other problems since the incident, which appears to have begun late Wednesday.
"We erred on the side of being extremely supportive and careful," said Rosedale, former chief technology officer of RealNetworks Inc. "It will be a few bad press days, but it's better to disclose that there might have been a compromise."
Second Life is a fantasy game devoted to capitalism - a 21st century version of Monopoly that generates real money for successful players.
The game centers on cartoon characters called avatars that users design to interact with fellow gamers. The avatars buy and sell all types of property, goods and services with "Linden dollars."
Second Lifers pay as much as $9.95 per month for a premium subscription to conduct business in the virtual world. They purchase Linden dollars with U.S. currency or trade it on the LindeX Currency Exchange.
A September 2006 Popular Science article estimated that Second Life has a gross domestic product of $64 million. The game's most successful entrepreneurs may earn hundreds of thousands of U.S. dollars online.
Engineers discovered the hack Thursday and, after investigating computer logs, decided Friday to alert members. The hacker gained access through a flaw in software known as TikiWiki, an open source program engineers use on the game's "support" site, which explains rules and answers users' questions.
The company set up a toll free hot line to help users change passwords, staffed by about 30 employees - including the chief executive.
"The attacker wasn't getting into our software through our code - it was someone getting in and having time on a Web server," Rosedale said.
--
On the Net:
http://www.secondlife.com
Source: Associated Press/AP Online
Related Articles
- Virtual World Second Life Continues To Thrive
- IBM Opens New 3D Virtual Healthcare Island on Second Life
- Second Life's CTO Resigns
- Virtual Bernanke Guides 'Second Life'
- 'Second Life' Sex Program Spawns Lawsuit
- 'Second Life' Sex Machine Spawns Lawsuit
- 'Second Life' Opens Source Code
- 'Second Life' 3-D Digital World Grows
- BBC to air festival in online world Second Life
 |
 |
User Comments (0)
RSS Feeds