Major Neopets hack may compromise tens of millions of accounts

polygon.com:

More than 69 million Neopets accounts may be compromised after a major data breach was revealed Wednesday. A Neopets representative initially confirmed via Discord that the company is aware of the breach and “actively working on it.” Hours later, a Neopets representative published a statement on the site’s forum and on Twitter addressing the breach.

“Neopets recently became aware that customer data may have been stolen,” it tweeted. “We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.”

Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. (1/3)

Neopets community website JellyNeo reported the breach Wednesday after the reported hacker offered to sell the “complete database and source code,” which includes emails, passwords, and other personal information, as well as live access to the database where a buyer can “modify data, credits or in-game pets,” on a data breach forum. The hacker listed the data for a price of 4 bitcoin, or roughly $100,000. The Neopets team confirmed that email addresses and passwords have been compromised, and advised that players change their passwords on Neopets and elsewhere. It didn’t, however, mention the scope of the breach.

Neopets does offer a paid subscription tier which removes ads and unlocks dedicated forums and some premium features. Players can also purchase NeoCash to spend in the NC Mall on various Neopets items to use on the website. It’s unclear if user credit