The great, glass eye that sits unnervingly on the roof of Oculus’ Irvine headquarters is capable of seeing all – but it’s been occupied lately, trawling reactions to the company’s planned Facebook acquisition on Reddit. No small, hairy-footed intruders have managed to slip by unnoticed, to Oculus’ knowledge – but a potential security issue with the company’s Developer Center went undiscovered until the weekend. It was serious enough that the VR specialists temporarily took down their systems until it was resolved.
Running one of their regular security audits at the weekend, Oculus uncovered a vulnerability that hackers could exploit via SQL injection – a technique that would hypothetically allow an attacker to access Oculus’ database contents.
Once they’d discovered the weak link, Oculus turned off their Developer Center systems “as a precautionary effort” and set about applying the necessary fixes. That now done, they’re asking all users to change their passwords upon next login, as an extra security measure.
There are no credit card details or addresses stored in the Developer center database; no nuclear codes or state secrets. Oculus say they don’t have any reason to believe that “personal or confidential” information was taken before the weekend – but apologised for the incovenience.
Oculus are only going to become more visible, and thus more frequently targeted, as this VR business steps up. Do you think they’re up to facing the onslaught?