
CURRENT SECTION :: News	UK's most visited IT Contractor Site - 250k unique visitors March 2008

Members
Subscribe to our news letter service to keep current with the latest news and information. Click here to join.

Site Navigation
Home News Contractor Alliance Free Stuff Company Formation Bulletin Board First Timers Trading Structures Legal : IR35 / IR591 Legal : S660 Tax/Legal Q&A Jobs Contract Search Urgent Contracts Overseas Guides Market Stats Money Insurance Training Directory Agency Directory TechZone Contact Us

Search
Advanced Search

News for you
RSS XML feed News feed for your site News feed information

News article sponsored by...

Maximising Contractors' Returns

Safe, effective solutions for contractors

Call now on 08702 880055

'Second Life hacker' nets 660,000 passwords

Hundreds of thousands of internet security passwords are reluctantly being changed after a hacker snooped the personal details of over 660,000 people who regularly play Second Life(SL).

Makers of the world’s fastest-growing online game admit they are unable to determine which accounts were breached, so are advising all 660,800 “residents” to invent new passwords.

Linden Lab said the hacker gained access to customers’ names, addresses, passwords and some payment information, thanks to a security hole in third party-software used on SL servers.

Unencrypted credit card data was not exposed because it is held on separate servers – a relief for the company given its online community sells goods and services worth Ł2million each month.

“We're taking a very conservative approach and assuming passwords were compromised and therefore we're requiring users to change their Second Life passwords immediately,” said Cory Ondrejka, chief technology officer of Linden Lab.

“While we realise this is an inconvenience for residents, we believe it's the safest course of action.”

To reassure the 260,000 people who have already updated their passwords since the warning on Friday, the firm said it will “continue to take aggressive measures” to protect its customers’ security and privacy.

But just changing the password is not going to end the potential security woes for people whose details are in the Second Life database, said Graham Cluley of computer security firm Sophos.

“Gamers may think that once they modify their Second Life password, they've eliminated the danger, however the reality is that the old password may now be used by hackers to target other accounts.

“It's bad enough that criminals were able to gain access to such personal details in the first place, but even if this avenue has now been closed off, hackers could well find themselves with an opportunity to access the email, eBay or even banking accounts of unsuspecting Second Life users," he said.

According to the firm’s figures there is due cause for concern: only 14% of people use a different password for every website, set against the 40% who stick to the same password each time.

"Not every website will treat your password with the same degree of confidentially, so it's vital that users ensure they use different passwords for sites which carry sensitive data about them," Mr Cluley said.

"On top of that, if the passwords deployed are all short dictionary words, it won't be hard for a hacking program to figure them out, so it's equally important to make each password hard to guess."

Far from fretting over the integrity of their details, initial reaction on the Second Life Blog is dominated by frustration from people being locked out of their game accounts.

Either they have failed to recall never-before-used password or can’t remember security prompts within the number of allocated guesses, while others say links to re-enter their details are broken.

Linden Lab has offered to speak over the telephone to concerned gamers, with those in the UK offered a freephone number.

However, this too has caused problems.

One gamer wrote: “I have been locked out as I did not get a question right in security check. Although I know the answer I cannot get back as I have been locked out. I live in the UK. SL has given me a phone number in UK to phone to reset my password. I have checked with British Telecom UK - THIS NUMBER DOES NOT EXIST.”

Second Life gained 130,000 players in the 12 months to 2006 and, buoyed by stories of people earning lucrative second incomes, earlier this year was increasing its economy and total population by 20% each month. Such future growth now appears to be in question.

“As a casual S[econd]L[ife]’er I’m now blocked out of my (one-off payment) account (it didn’t accept my security questions). I’m not in the US and I’m dammed if I’ll hang around on hold for a toll number,” one player told The Linden Blog.

“I guess SL is going to have a population crash as I can’t be the only one having re-authentication issues. Farewell SL, maybe I’ll try again in another life.”

Sep 12, 2006

Email this article
Printer friendly page
Previous Page


All content © Contractor UK Limited	http://www.contractoruk.com/lists/?p=subscribe&id=1[Register for News Letter] \| [Privacy Statement] \| [Terms of Use] \| [Top of Page]