Complain about a product or service

Hackers Make Off With "Second Life" Data

By Martin H. Bosworth
ConsumerAffairs.com

September 10, 2006

Data Theft • Bank Data Breach Affects 12.5 Million Consumers • Data Breaches Exceed 2007 Record • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

Players of the popular "virtual world" online roleplaying game "Second Life" got a nasty bit of real-life news when the company that owns the game was hit with a database hack affecting all 600,000-plus members of the community.

Linden Labs, creators of Second Life, announced that their payment database had been hacked on September 6th.

The hackers made off with members' names, addresses, contact information, and "encrypted payment information," according to a statement posted on Linden Labs' blog. The company claimed that no "unencrypted credit card information" had been stolen.

Linden Labs claimed to have shut down the hacker exploit as soon as it was discovered, and told members that they would need to reset their passwords by answering specific security questions.

Linden Labs did not specify how the hack was achieved, and TechCrunch's Marshall Kilpatrick theorized this might be due to the company wanting to avoid embarrassment, as well as future incidents using the same methods.

"The company was hesitant to disclose information about the breach, the data put at risk and the company's architecture for fear that such information could make future exploits easier to perform," he said.

Second Life is one of many massive multiplayer online games ("MMOGs") where players can create new identities, build online businesses, and engage in all manner of interesting behaviors, some of which the players might want kept private.

Much like the release of AOL's search data on its users, publicizing the account information stolen from Second Life could lead to all manner of embarrassing revelations as to what the players really get up to in the virtual world.

Second Life's breach could be particularly serious, due to the ease with which players can set up online businesses and sell items that can be converted into real-world dollars. Because "residents" of Second Life own the rights to their creations within the game, they can earn profits from hawking all sorts of wares within the online universe.

Blizzard Entertainment, makers of No.1 MMOG World of Warcraft, demonstrated the potential privacy dangers in online roleplaying games when they installed a monitoring program on players' computers called "The Warden." The program, designed to alert Blizzard to signs of cheating or abuse, enabled programmers to have access to almost any program on a player's machine.

Several World of Warcraft players were able to use yet another privacy-violating program, the infamous Sony rootkit, to circumvent "The Warden" and practically any other form of online monitoring.

In discussing the Second Life breach, AOL blogger Vladimir Cole said, "Gamers haven't been paying much attention to privacy of in-game communications. Given how intimate some of those communications have become, maybe it's time for more scrutiny of privacy protection measures taken by MMOG providers."

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.