I’m guessing that when Second Life said they were activity encouraging user generated content and member software…

Hello Second Lifers,

As announced on our website at http://secondlife.com/corporate/bulletin.php and corporate blog at http://blog.secondlife.com/?tag=security, Second Life discovered an attack on our servers on September 6, 2006. The full security bulletin is reprinted below, followed by a FAQ that includes important security advice for our community.

===================
SECURITY BULLETIN

*SAN FRANCISCO, CA. (September 8, 2006)* – Linden Lab reported today that it is notifying its community of a database breach, which potentially exposed customer data including the unencrypted names and addresses, and the encrypted passwords and encrypted payment information of all Second Life users. Unencrypted credit card information, which is stored on a separate database, was not compromised.

The breach was discovered on September 6, 2006 and promptly repaired. The company then launched a detailed investigation that revealed an intruder was able to access the Second Life databases utilizing a “Zero-Day Exploit” through third-party software utilized on Second Life servers. Due to the nature of the attack, the company cannot determine which individual data were exposed. The company’s technical investigation is ongoing.

… this wasn’t what they meant.

Technorati Tags , , , ,