Second Life, the online game that lets people play out fantasy lives in a fantasy world, has suffered a zero-day attack that compromised the personal data of its hundreds of thousands of users.

Its 650,000 users were notified via email that they must reset their passwords in order to re-access their avatars, or online alter egos.

The hack was discovered on 6 September and was shut down the same day; however, Linden Labs, the company behind Second Life, has said that unencrypted information, include Second Life account names, real life names, and contact information, as well as encrypted account passwords and payment information, was compromised.

Unencrypted credit card information, stored on a different database, has not been compromised.

Second life “residence” design avatars for themselves, and are able to interact with other participants, as well as buy and sell land and set up business using Linden Dollars, which can actually be exchanged for real currency.

The canny businessmen behind the virtual world have even managed to sell virtual space to major multinational companies like Coca-Cola.