According to Linden Lab, publisher of the online virtual world "Second Life," its databases were broken into by an unknown party Wednesday, and some user information may well have been accessed.
"On September 6 we discovered evidence that an intruder was able to access the 'Second Life' database through the web servers," Linden Lab wrote on its public forums Friday. "The exploit was shut down on the afternoon of September 6 when we discovered it."
The forum posting, by vice president of community development and support Robin Harper, said that a two-day investigation confirmed that "some of the unencrypted customer information stored in the database was compromised, potentially including 'Second Life' account names, real life names and contact information, along with encrypted account passwords and encrypted payment information."
She went on to say that Linden does not store unencrypted credit card data in its databases, and therefore that data was not compromised.
But it is taking action to protect users, it said, by immediately de-activating all "Second Life" passwords and requiring all users to create new ones.