Second Life developer Linden Lab has disclosed that the online virtual world's customer database has been compromised by an intruder.
The intrusion was discovered on September 6, according to an announcement made two days later at the official Linden Lab blog. In a subsequent FAQ posted at the Second Life community forums the company indicated that the accessed database included, "Customer account information, including Second Life account names, real-life name and contact information in unencrypted form. Account passwords and payment information (consisting of credit card numbers and Paypal transaction IDs) are stored in this same database in encrypted form."
Linden Lab added, "There is no way to identify which data were accessed at the level of individual users," and said that investigation into the type of data obtained was ongoing. As a precaution, the company invalidated all Second Life account passwords, requiring users to obtain new passwords via email before logging back in to Second Life. Linden Lab has since reported that the compromised system was "rebuilt and made secure," and that they have gathered a "significant amount" of information about the attack and attacker.
There are currently more than 660,000 subscribers to Second Life, which allows users to interact anonymously within a 3-D virtual world whose content is created and owned solely by its users.