[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 26 September 2006, 07:30 GMT 08:30 UK
Security row upsets Second Lifers
Screenshot from Second Life, Linden Lab
The social side of Second Life attracts many players
The creators of the Second Life online world have been criticised by members over a security breach that exposed confidential information.

On 11 September all Second Life users were asked to change their password following a successful attack on one of the virtual world's core databases.

Second Lifers contacted the BBC saying they had not been given enough detail about what was exposed to hackers.

But Second Life's bosses said they had done everything to keep users informed.

Life lessons

The malicious hackers got into a database holding the names, addresses, personal information and scrambled credit card numbers of about 650,000 users of the virtual world. They reportedly broke in via a third-party web program.

Linden Lab, creators of Second Life, said it took the precaution of making all users change their password because it only knew the total size of the data stolen rather than its specifics.

Some Second Life users who contacted the BBC took Linden to task over its handling of the breach.

"To say I'm unhappy with the way Linden Labs have dealt with it is an understatement," said one Second Life member who asked to remain anonymous.

She criticised the fact that Linden Lab even maintained a database that kept scrambled credit card numbers alongside the names and addresses of Second Lifers.

The loss of the personal details would also likely prove useful to criminals, she said.

"Almost all the information you need for budding identity theft," she said.

There were fears that details for credit cards used to pay for Second Life accounts have been grabbed by criminals.

Linden had also proved "unhelpful" when she tried to get more details about what had happened and how the credit card data was scrambled.

Screengrab from Second Life, Linden Lab
Second Life is a fantastical take on the real world
Regular Second Lifer Jo Twist also said there was widespread agreement that Linden had handled the incident badly rather than the fact it happened.

"Generally, people are expecting these kinds of breaches to happen in this day and age despite best efforts to protect systems," she said.

On many Second Life discussion boards members asked for far more details about what had been compromised and what could be done with the information.

Some feared that the loss of personal information would be used to link Second Life avatars with real people - a situation that could have serious consequences for many.

Philip Rosedale, chief executive and founder of Linden Lab, defended the way that the aftermath of the security breach had been handled.

He said Linden told users about its fears that data had been lost on the same day it discovered that the information may have gone astray.

"We don't have any positive proof that anything was taken, only proof that someone was logged into our system," he said. "We erred on the side of caution in informing users as soon as possible."

Following the breach, he said, Linden was changing procedures so far less personal data on Second Life members was kept. Sensitive data was being protected with stronger encryption.

He added that so far there was no evidence that credit cards used to pay for Second Life or personal information about its members was being abused.

He concluded: "We would compare our performance on this with anyone who has suffered a similar security breach."

Security breach hits online world
11 Sep 06 |  Technology
The evolution of the web
12 Sep 06 |  Technology
BBC starts to rock online world
12 May 06 |  Technology
Cash card taps virtual game funds
02 May 06 |  Technology
Gamer buys virtual space station
25 Oct 05 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific