Press Releases

Browse our press release archive

11 Sep 2006

Hackers may get second chance to benefit from Second Life security breach

Using the same password on multiple websites increases risk of falling victim to hackers

Many users make the mistake of using the same password on multiple websites
Many users make the mistake of using the same password on multiple websites.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users that using the same password on multiple websites greatly increases the risk of falling victim to hackers, following news that players of a global online game have been asked to change their passwords due to a security breach.

Players of the "Second Life" online fantasy game were asked to change their passwords after a hacker broke into a database holding information about the game's 650,000 users. This information included addresses, passwords and encrypted credit card details. According to Sophos, while changing passwords will prevent criminals from gaining access to users' Second Life accounts, they could still be at risk if they use the same password for other websites.

"Gamers may think that once they modify their Second Life password, they've eliminated the danger, however the reality is that the old password may now be used by hackers to target other accounts," said Graham Cluley, senior technology consultant at Sophos. "It's bad enough that criminals were able to gain access to such personal details in the first place, but even if this avenue has now been closed off, hackers could well find themselves with an opportunity to access the email, eBay or even banking accounts of unsuspecting Second Life users."

recent Sophos web poll uncovered that 41 percent of business PC users admitted to using the same password all the time, while just 14 percent use a different password for every website they access.

"Not every website will treat your password with the same degree of confidentially, so it's vital that users ensure they use different passwords for sites which carry sensitive data about them," continued Cluley. "On top of that, if the passwords deployed are all short dictionary words, it won't be hard for a hacking program to figure them out, so it's equally important to make each password hard to guess."

Sophos continues to recommend companies protect their desktops and servers with automatically updated anti-virus protection, and educate their employees on safe computing, including the intelligent use of passwords.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at