It’s not unusual for a company to get hacked. It happens a lot more often than any of us think, and a lot more often than System Admin’s are comfortable with. That is why I am somewhat amazed that Second Life had ANY unencrypted customer data.
There is no reason to leave customer data exposed – even seemingly-benign data can and should be encrypted. Why? Because it sets an internal expectation for your development team, admin’s, etc. It tells them that you consider ALL customer data to be encrypted.
I don’t “play” Second Life – I can’t commit to the kind of time it takes to make the experience worthwhile. And now I am glad I didn’t even sigh up for that “free trial”, since it takes a credit card number. I know they say that type of information wasn’t on the affected system, but the truth is, they a just being to coy about exactly what was compromised for me to believe them when they tell me what wasn’t compromised.