Neopets has been hacked, exposing the personal data of reportedly 69 million accounts. The official Neopets Twitter account has warned players that both their email addresses and password may be vulnerable. It also advises that users change their password on other websites if it is the same as their Neopets account. Changing your password on Neopets will likely have little effect, however, as this is thought to be a live breach.
The hackers who obtained the data are trying to sell it. An entry for the data has been posted on BleepingComputer, a website that covers computer technology and cyber security. The post prices the database at four bitcoin (roughly $95,000 USD). Despite Neopets only listing email addresses and passwords as vulnerable data, this post also claims to have access to ages, birth dates, genders, nationalities, and IP addresses. Thankfully, it doesn’t appear as though credit card information is involved.
This is not the first time that Neopets has been hacked. Aa similar event happened in 2016, revealing the data of an alleged 70 million accounts. Something similar happened in 2020 with a codebase. The virtual pet website has had a history of failing to implement effective security measures. For this latest breach, it was revealed that the data was apparently not encrypted.
Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. (1/3)
— neopets (@Neopets) July 21, 2022
Neopets probably needs to update its Account Security page. It currently reads “no one has ever ‘hacked into our site’ and accessed user
Read more on pcinvasion.com