A recent post on Slashdot discusses the the hacker attack on Second Life. Apparently, a security weakness in Quicktime has enabled hackers to "direct the Second Life software to a malicious Web site that then allows them to 'take over the user's avatar and force it to hand over its Linden cash." The Mercury News reports in more detail. [subscription required to access content] For our purposes this is interesting in exploring virtual identity and the way that it is perceived. While the article describes the hacking as "tak[ing] over the user's avatar," the only actual control seems to be over the avatar's virtual bank account. This raises interesting questions over what it means to be in control of one's virtual identity. The theft of Linden dollars is most analogous to having one's pocket picked in your first life. Few would consider the perpetrator to be in control of their identity in such a situation. Why, then, is this describes as "control"? Is it simply poor word choice or does the act of stealing money change when nobody is doing it? Of course, it could be that in my enthusiasm for semantics, I'm overanalyzing this.