Virtual Site Second Life Leaks Real Data

Second Life, a Web site that lets subscribers create a virtual character to interact in a fictional online environment, has run into a real world problem after hackers compromised the service's database. Personal data including names, addresses and payment information were leaked.

Linden Lab, the company behind Second Life, says the breach potentially affected all 650,000 users, and it is requiring customers to change their password. "While we realize this is an inconvenience for residents, we believe it's the safest course of action," wrote Linden Lab chief technology officer Cory Ondrejka.

The company said in a security bulletin that unencrypted names and addresses, as well as encrypted passwords and payment data was among the information stored in the database. Hackers apparently used a "zero-day" exploit on commercial software utilized by Second Life servers.

Unencrypted credit card information, which is stored in a separate database, was not compromised, the company says. Linden Lab did not specify what payment information was leaked, but encouraged all customers to "take appropriate precautions against misuse of personal information."

"We place the highest priority on protecting customer data and will continue to take aggressive measures to protect the privacy and security of the community," added Ondrejka.