Every player of Second Life has been asked to change the password they use to enter the popular online world.
Many people try extreme sports in Second Life
The alert follows a security breach in which a malicious hacker broke into a database holding information about Second Life's 650,000 users.
This held names, addresses, passwords and encrypted credit card information.
Linden Lab, the creators of Second Life, said a second database holding unencrypted credit card data was not compromised.
The security breach was discovered on 6 September and in an e-mail sent on 8 September Linden Lab informed all Second Life members about the problem and told them to renew their passwords.
"While we realize this is an inconvenience for residents, we believe it's the safest course of action," said Cory Ondrejka, the chief technology officer of Linden Lab in a statement about the security upset.
Over the weekend Linden Lab updated its security arrangements to help those users who had forgotten or lost some of the information used to re-set passwords.
Second Life is an online world which, as its names implies, allows users to live out another existence. Members choose an avatar then use it to explore the Second Life world.
Users can buy virtual land and build a home or take part in all kinds of pastimes they may never try in the real world. Many residents of Second Life throw parties and bands such as Duran Duran are starting to stage gigs in the world.
Second Life has gained a lot of publicity because real world firms have set up shop in the online world. Recently American Apparel has created digital copies of real stores to sell virtual clothes to Second Life members.
According to the Second Life webpage more than 286,000 Second Lifers have logged in to the game world in the last 60 days.
An ongoing investigation by Linden Lab into the security breach found that it involved an attack on the software used on its membership database.
It took the serious step of asking people to renew their password because the nature of the attack meant it could not find out which personal records had been looked at by the attacker.