AOL | Mail | You might also like: WoW Insider, Massively, and more [down-arrow.png] More Sites You Might Like * Massively * Engadget * Engadget HD * Engadget Mobile * TUAW * Autoblog * Autoblog Green * TechCrunch * WoW Insider * URLesque * Games.com * Comics Alliance * FanHouse * MMA Fighting * Politics Daily Login [down-arrow.png] / Register Email address: ____________________ Password: (Forgot?) ____________________ Username: ____________________ Login Cancel Joystiq PS3 XBOX Wii DS PSP PC Mobile ____________________ Submit * Main * Games * reviews * Podcast * Videos * Galleries * Downloads * About * Tip Us * RSS * Twitter PS3 Xbox Wii DS PSP PC Mobile * News * Review * Screens * Video * Downloads * Achievements * Guides * Forum Second Life's user database breached by Vladimir Cole [writer_rss.gif] on Sep 9th 2006 1:25AM 31 Hackers broke into the Second Life user databases on Thursday, according to this post on the official blog of Second Life parent company Linden Labs. Intruders gained access to Second Life account names, real life names, contact information, encrypted account passwords and encrypted payment information. So what? Well, there's something scarier about this theft. Name, address and credit card information is stolen daily from various inept ecommerce sites. We're kind of accustomed to that level of theft. But how many of us are really comfortable with data stolen from the place where we spend our leisure time? To put a finer point on it, what happens when archived MMOG chat logs are breached? It's going to be ugly, like AOL ugly: "I swear honey, that Furry meant nothing to me. It was totally just research for my new book. I'll sell the teledildonics equipment on eBay first thing tomorrow." Gamers haven't been paying much attention to privacy of in-game communications. Given how intimate some of those communications have become, maybe it's time for more scrutiny of privacy protection measures taken by MMOG providers. [Via Techcrunch] [Image via furry.wikia.com] * Source Tags: data breach, internet privacy, linden, linden labs, Mac, PC, privacy, second life, SecondLife Share Reader Comments (31) Posted: Sep 9th 2006 1:46AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report So wait. You're proposing that someone stealing in game conversations that could, at worst, embarrass you is somehow worse than someone stealing finacial information that could potentially drain your lifesavings. Good logic. Reply Posted: Sep 9th 2006 1:45AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report whats up with Joystiq's sudden furry fixation? Reply Posted: Sep 9th 2006 1:47AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Matt: that's exactly what I'm saying. Credit cards have protections in place that limit a person's liability in cases of identity fraud. I've been through it, I know. Public disclosure of search and behavior data would be far, far more detrimental. Reply Posted: Sep 9th 2006 1:51AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report At least half of Second Lifes population is furry, so this is more of a "Haha" story rather than something that shocked me. Too bad for those that aren't furry on SL though. Reply Posted: Sep 9th 2006 1:55AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report vc That is, of course, if the behavioral data were somehow linked to a person of reputable stature rather than said person's character. It would indeed be something interesting to see if Mayor X or Senator Y had a private/intimate cyber session posted across the internet. Interesting more, though, would be if said politician's credit card information packaged neatly with security code, billing address, and a password quite likely to be used on multiple website ro other accounts fell into curious hands. Reply Posted: Sep 9th 2006 2:25AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Yet another reason why online gaming and micropayments are the way of the future! Reply Posted: Sep 9th 2006 2:27AM Antibot said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report There are two things I disagree with. First, the idea that we've become accustomed to identity theft. I haven't. I think lack of security of personal information is probably the biggest problem with the internet. It's not a technological problem though; People just need to be educated better about using the internet safely. Second, the idea that exposed chat logs are more detrimental than exposed credit card information. I do agree that there are avenues to help with credit card theft and there isn't the same sort of thing for private chat data. However, if I had the choice, I'd prefer "private" chat logs exposed over credit card records exposed. There might be some embarassing stuff, but I'd get over that. Just like I'd get over someone finding porn on my computer or any other embarassing event. Maybe I'm just not having the kind of conversations Vlad is having. Reply Posted: Sep 9th 2006 2:53AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report There's always room for teledildonics references. Reply Posted: Sep 9th 2006 3:01AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report 4. It's kinda lame to say "serves the furfags right." Weird obsession or not, identity theft sucks for anyone. Reply Posted: Sep 9th 2006 3:30AM Antibot said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report I want to make clear that this incident of identity theft or any real case of chat log theft is still very bad. I wouldn't want either to happen to me or anyone. My previous comment was just about which is worse in my opinion. I also wasn't saying anything private can be made public without any problems. We have the right to privacy and that should be respected online and off. Reply Posted: Sep 9th 2006 5:24AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report I would like to know immediately where you got that picture. Why? Because I am one of the 2 furs in that picture and I only know of one site that has ever shown that photo. If you are the author or admin of this board please email me where you got it. Reply Posted: Sep 9th 2006 6:10AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Thanks for the link and extending the conversation along these lines. I do feel like behavioral data is the biggest issue here - there's a lot of, if not sufficient, protection for financial information already. The game has only just begun when it comes to stuff like this. Ironic though, that you have been accused of posting intimate avatar pics without permission! Reply Posted: Sep 9th 2006 6:04AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Hmm, not sure how to feel about that. Not only do I play Second Life, but I have an anthropomorphic avatar. I try to stay as far away from the term "furry" as I can, though. I just figure why play a game as a human if you don't have to? It's supposed to be fantasy. But yeah, Jebus... I haven't tried to log on in two days now. I wasn't even aware of this until now. First that whole thing with the veterans military records being ganked, and now the possibility someone I don't know has my credit card info. God bless the human race, no? Reply Posted: Sep 9th 2006 6:47AM radicoon said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report of all the things on Second Life, you some how nabbed a babyfur screenshot =) not everyday something like that catches my eye. nice, uh, fan service =3 Reply Posted: Sep 9th 2006 7:00AM radicoon said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report And also... #12, Raven, that picture is on Wikipedia for babyfur. Marked with the tag, Second Life. Looks like it wasn't that hard to discover. Reply Posted: Sep 9th 2006 7:31AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Yes it is, but I just wanted to be sure thats the only spot it was. I didn't give permission here, but there i did, so i knew it may have been bound to happen. Reply Posted: Sep 9th 2006 7:55AM chaosrabbit said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Raven, you posed something on the intraweb and are supprided it is showing up other places? No wonder SL got hit. They seem ripe for the pickin. ;) Reply Posted: Sep 9th 2006 7:57AM chaosrabbit said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report *surprised /skulks off to a corner Reply Posted: Sep 9th 2006 8:03AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Hah. I signed up for SL a week ago to see what it was about. Now I'm happy I didn't give them any financial data in exchange for 250 of their virtual 1/3rd pennies. No one ever considers (good) security until they've been violated. Reply Posted: Sep 9th 2006 8:57AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Friendly reminder, SecondLife clearly said that NO CREDIT CARD INFORMATION WAS COMPROMISED. Account names, passwords, and personal data (real age, name, and such) was the only thing in danger here. Reply Posted: Sep 9th 2006 9:54AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report At the current point in online security, it's best to assume there's no such thing as good online security. I still wouldn't expect you to use one password for everything and change them regularly, but at least, there should be a segregation between important (e.g. bill payment, work data) and unimportant (online forums, games [as opposed to game payment]). Additionally if possible, use different passwords for important data. (I don't really trust, nor understand the need for regular password changes. Most online hacking does not rely on brute-force methods since they can be easily stopped and/or detected before proper progress is done, and instead uses software flaws to just obtain the data directly) Reply Posted: Sep 9th 2006 10:21AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Stop hating on the furries, it's the hackers you should hate. Reply Posted: Sep 9th 2006 10:44AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Never really liked the fact that Second Life asked for your credit card details just to play a Demo. Although I'd like to check it out, I just cant bring myself to do it. I know CC details were apparently not breached this time, I'm still glad I had not caved in, because I'd allways have in the back of my head "perhaps they did". Om Reply Posted: Sep 9th 2006 11:10AM erh said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Consider what could happen if some other sites got hacked: If XBoxLive users' real identities got hacked, 12 year old kids might get beaten up for talking shit about "pwning" another player. If MMORPG users' real identities got hacked, people could be murdered in real life for stealing a rare drop in the game. If 4chan.org users' real identities got hacked, many anime fans would be exposed as pedophiles. If SomethingAwful.com users' real identities got hacked, its basement-dwelling nerds would be too afraid to leave their basements and face the people they trash-talk about online. Here's a thought: maybe people shouldn't do things online that they wouldn't do in real life. It would make XBoxLive a more mature environment, MMORPGs fairer, rid the world of "lolicon", and nerds might try to improve their own real lives instead of just bashing everyone elses. Reply Posted: Sep 9th 2006 11:47AM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report That's pretty fucked... I signed up for a free Second Life nearly a year ago, with a Paypal account. I never even got a chance to play it, my video card was too shitty..Wonder what kind of a risk I'm in. Reply Posted: Sep 9th 2006 12:35PM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report 23. Nah, it's not for a demo -- using your card just verifies your account now. (In fact, you don't need a CC to sign up anymore. You can either leave your account unverified, or verify with a cell phone. of course, either way will leave you with either 250 in-game money or none at all, but better than nothing.) Reply Posted: Sep 9th 2006 3:19PM Lekko said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report People still use their real names? wow Reply Posted: Sep 9th 2006 5:16PM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Coupla' points... I might be wrong, but I'm pretty sure archived chat logs aren't available through the SL client, you can only view chat records from your current session. And since a) the breach only covered account details and makes no mention of any other data and b) we assume that Linden Labs aren't recording private chats (right, guys?), it's unlikely anyone is going to have their private conversations broadcast over the net. Also, I didn't quite understand why you would consider someone getting hold of login details more serious than credit card fraud, but I was surprised that you didn't mention the biggest risk, namely that people operate businesses in SL and own huge amounts of land and player-created content. If someone got the password and username of one of the big landowners they could cause havoc; deleting objects, removing land-rights, banning players...it could be extremely damaging for LL. "Never really liked the fact that Second Life asked for your credit card details just to play a Demo. Although I'd like to check it out, I just cant bring myself to do it. I know CC details were apparently not breached this time, I'm still glad I had not caved in, because I'd allways have in the back of my head "perhaps they did"." You don't need a credit card anymore and it's not a demo. You have full access to the world, the only thing you can't do is buy land directly from Linden Labs, instead you have to purchase it through one of the many real estate dealers. Many people play the game perfectly fine with just the basic account. "I signed up for a free Second Life nearly a year ago, with a Paypal account. I never even got a chance to play it, my video card was too shitty..Wonder what kind of a risk I'm in." Well considering that you don't have to give your Paypal password to LL at any point and you never even logged in, you're at no risk at all. Reply Posted: Sep 10th 2006 5:06PM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report What *really* pisses me off about this is that you are required to change your password, and in order to do that, you have to use the secret question/answer thing. I mean, who the crap actually uses those? Every time, I use the answer "OIWEGHOWHVOSHDOHWEOIGHWOIG", so now I have to start a new second life account. Damn it. Reply Posted: Sep 10th 2006 7:26PM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report Second Life? Why not actually try and do something with your FIRST life!? AMIRIGHT? ::sigh:: Reply Posted: Sep 12th 2006 10:08PM (Unverified) said * 2 hearts * [icon-voteup.png] [icon-votedown.png] Report I see where Raven (#11) is coming from: Normally if a pic of you is shared you would prefer to know at the very least WHERE it is. But nobody is being accused or attacked for infringement. In fact I originally took the screenshot and uploaded it claiming "fair use," meaning anybody can use it as a demonstration of SL's content. Permission to share it was obtained merely out of respect and courtesy; no rule prevents tampering or distribution of the file. In contrast, SL's policy promises not to share personal information, and the hacker who obtained some of it obviously broke the law. Reply Sorry, you must be logged in to leave a comment. _________________________________________________________________ _________________________________________________________________ _________________________________________________________________ Info Description Show more MSRP Release Date Genre Developer Publisher Rating _________________________________________________________________ Breaking News [neverwinternightsmmo580_310x160.jpg] BioWare's Neverwinter Nights forums hacked, EA Account information at risk _________________________________________________________________ Featured Stories [gamwwwfuturelogo580-1309041275_75x75.jpg] Weekly Webcomic Wrapup is welcoming the new crew Posted on Jun 25th 2011 11:30PM [hackingheaderimg530px_75x75.jpg] WRUP: Hackers! Posted on Jun 24th 2011 11:20PM [paperplay_75x75.jpg] Xbox Live Indie Gems: The Great Paper Adventure Posted on Jun 24th 2011 5:20PM _________________________________________________________________ The most popular posts in the last 7 days 1. Valve relaunching Team Fortress 2 as free-to-play title 127 comments 2. Dungeon Siege 3 review: An Id's paradise 108 comments 3. Kinect voice and gesture ads present a terrifying future 105 comments 4. Fils-Aime: Consumers' two biggest problems with the 3DS have been fixed 102 comments 5. Microsoft EMEA VP: Xbox 'about halfway through' life because of Kinect 101 comments [favicon.ico] Engadget * Is this the Olympus E-P3? ... * Switched On: Light music ... * Nokia's N950 splayed by FCC, 12-megapixel camera ... [favicon.ico] TUAW * TUAW Talkcast tonight: 7 PM PDT / 10 PM EDT ... * WWDC Interview: Kitty Code ... * Turn your iOS device and Logitech Alert into a ... [favicon.ico] Massively * Week in Review: Spaceships and superheroes ... * EVE Evolved: The day that EVE Online died ... * CCP issues brief mea culpa, EVE CSM to meet with ... [favicon.ico] WoW * Know Your Lore: The clever ins and outs of Ask ... * The Light and How to Swing It: Balancing holy's ... * All the World's a Stage: Heroism and roleplay ... AOL Tech Joystiq © 2011 AOL Inc. All rights Reserved. Privacy Policy | Terms of Use | Trademarks | AOL A-Z HELP | Advertise With Us the end