14 DAY TRIAL // Second Life is an extensive and persistent online world where players socially interact to build up significant living spaces, businesses, enjoy self made artistic expressions and basically, live a different reality, where they enjoy more freedom and diversity. On September 6, the Second Life team discovered evidence that an intruder accessed their database through the web servers. The exploit was shut down the same afternoon that it was discovered. Following the two day investigation, it is now confirmed that the unencrypted customer information stored in the database was compromised. Second Life account names, real life names and contact information, as well as encrypted account passwords and encrypted payment information might have passed on to the third party attacker.
The Linden Lab online service team delivered a swift response, by invalidating all Second Life account passwords, amounting to more than 660.000. user entities. In order to once again have access to their characters, Second Life players must follow one of the built-in password recovery methods. Second Life wanted to assure customers that no unencrypted credit card information was stored on the database subjected to the online attack, therefore, no such details were compromised. Regardless, the community is in uproar, as sensitive data has been stolen, not to mention password invalidation is a serious drawback to the online activity.
Since a massive amount of subscribers need to revalidate their passwords, the unfortunate event's consequences could be felt on during the weekend. As changing passwords by phone was not an option until Monday morning, the development team completed last night a code change to the game that enabled several additional options to change passwords via the web site. This particularly targets players that don't have access to the email address filled in for Second Life, the address doesn't exist or simply can't remember the answer to the security question.