High Fidelity users just got an e-mail from Philip Rosedale, CEO and founder of the new social VR world, announcing this unwelcome news:
Recently, we determined that a High Fidelity staff email account was compromised. Based on an audit of our logs, it appears that the account was accessed by an unauthorized user in late December and again in early January. I’m contacting you today because this compromise may have exposed your email address and High Fidelity account username. Your password was not decodable from this information, and no payment or credit card information or history was accessed.
Full text of e-mail below, including steps the company is taking to protect their users. One of the key takeaways, Philip tells me, is "it underscores the importance of a correct long-term design for secure identity - something that I think we can lead the discussion on." As he points out in the e-mail:
Looking forward, this is an opportunity to touch on how important we think identity and the security of your identity will be in virtual worlds... It is our belief that as High Fidelity becomes widely used as a platform, we must design and implement identity systems which are decentralized, under the control of you (not us), and ideally impossible to breach through any single point of attack.
That's decentralized versus the centralized services like Facebook and Twitter that most of us use mostly every day -- and are seemingly breached every day. Anyway, full announcement below: