Neopets hit by data breach, potentially putting millions of users at risk
Data belonging to 69 million Neopets account holders reportedly exposed
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Neopets, a website where people own virtual pets, play games and trade pet-related items, has had its userdatabasestolen.
In a shortTwitter thread, the site confirmed the breach, explaining it has notified the police and brought in a “leading forensics firm” to address the issue.
“It appears that email addresses andpasswordsused to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords," the thread states.
Ongoing incident
However, this seems to be an ongoing breach, caused by a vulnerability that likely has not yet been patched. As such, users could be asked to change their passwords again, after parent company TNT plugs the security hole.
“As per TNT’s suggestions, we recommend you update your password (via “My Profile”). However, since TNT has not confirmed that the vulnerability has been patched, be prepared to change it again once we get the all clear,” advises a post onJellyneo, a popular Neopets help site.
This site was also the one to share more details on the hack. Allegedly, data on more than 69 million users was compromised, including plenty of sensitive and personally identifiable information, such as email addresses, passwords, genders, IP addresses, countries, as well as birthdays - all the ingredients necessary foridentity theft.
Top data breaches and cyber attacks of 2022>AMD is investigating a serious potential data breach>These are the best patch management services available right now
The entiredatabasehas allegedly been put up for sale on the black market, for a total of four bitcoin, which is worth roughly $91,500 at press time. The seller also claims the buyer can get live access to the database, for an extra fee.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
TNT is yet to confirm whether the site’s payment methods were compromised. Although Jellyneo says “we don’t believe payment methods were breached”, an official confirmation is missing.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
