Rift publisher Trion Worlds' account database has been hacked, potentially compromising information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.
The firm said in a statement that "there is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way.
"We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorised access," it added. "We apologise for any inconvenience this may have caused you."
Users will be required to change their passwords, security questions and answers next time they log in to Trion's website, and be given the option to connect their account to its Mobile Authenticator to enhance account security.
The firm also advised that customers who used their Trion username and password for other accounts, such as banking, also change those, and carefully review statements and account activity.
"You should have continued, uninterrupted access to Rift, and we do not anticipate any disruptions to your playing time," Trion said. "Nevertheless, if you own the Rift game, you will be granted three days of complimentary Rift game time once you update your password and security questions.
"Additionally, once you update your account and set a new password, your account will be granted a Moneybags' Purse, which increases your looted coin by 10%, even if you have not yet purchased Rift."
Back in March, an account security exploit in Rift was fixed with the help of a "white hat" - or ethical hacker.