Virtual Site Second Life Leaks Real Data

Second Life, a Web site that lets subscribers create a virtual character to interact in a fictional online environment, has run into a real world problem after hackers compromised the service's database. Personal data including names, addresses and payment information were leaked.

Linden Lab, the company behind Second Life, says the breach potentially affected all 650,000 users, and it is requiring customers to change their password. "While we realize this is an inconvenience for residents, we believe it's the safest course of action," wrote Linden Lab chief technology officer Cory Ondrejka.

Virtual online worlds like Second Life have seen a recent surge in popularity thanks to improvements in graphics technology and broadband usage that allow for a fully immersive three-dimensional world. Characters interact with others, buy and sell land, and even build virtual businesses all online.

Virtual currency, known as "Linden Dollars," can even be exchanged for real world money, and actual corporations like Coca-Cola and American Apparel have setup virtual businesses in Second Life.

The company said in a security bulletin that unencrypted names and addresses, as well as encrypted passwords and payment data was among the information stored in the database. Hackers apparently used a "zero-day" exploit on commercial software utilized by Second Life servers.

Unencrypted credit card information, which is stored in a separate database, was not compromised, the company says. Linden Lab did not specify what payment information was leaked, but encouraged all customers to "take appropriate precautions against misuse of personal information."

"We place the highest priority on protecting customer data and will continue to take aggressive measures to protect the privacy and security of the community," added Ondrejka.