A hacker claims to have stolen information from Neopets, the long-running virtual pet website, affecting 69 million users of the service.
The hack was confirmed by posts from Neopets’ official Twitter and Instagram accounts on July 20, with a tweet telling the public that the company “recently realized that customer data may have been stolen” and hired a forensics firm to investigate. The social media posts did not provide more information about the scope of the hack but suggested that all users of the site change their passwords as a precaution.
Neopets recently realized that customer data may have been stolen. We immediately launched an investigation with the help of a leading forensic company. We are also involved in law enforcement and enhanced protection of our systems and user data. (1/3)
– Neopets (Neoptes) 21 July 2022
As per the details you provide ComputerOn Tuesday, a hacker named TarTarX began offering data for sale on a hacking forum. The hacker was reportedly asking for the price of 4 Bitcoins for the data, equivalent to approximately $90,500.
Details of the database schema shared by the hacker indicate that the stolen data includes not only usernames, emails and passwords but also users’ date of birth, zip code, gender, and country – multiplying the chance that it could be used for phishing or otherwise defrauding users in the wrong hands.
The forum post posted by the hacker also claims to still be able to access the live version of the Neopets website’s database – fact Computer It was confirmed by the owner of the hacking forum where the data was posted. If true, this indicates that even the precautionary measures advised by Neopets will not be sufficient to protect a user’s account from unauthorized access.
First launched in 1999, Neopets has suffered from a number of security holes in recent years, notably after the transfer of ownership from Viacom to JumpStart Games in 2014. In 2016, a similar data breach resulted in tens of millions of user details being hacked. Stolen and circulated on hacking forums. And in 2020, security researchers discovered access to an entire site database being sold due to administrator credentials written directly into sections of code discovered by hackers.
More recently, the Neopets series has sought to spin off the metaverse and turn its beloved characters into a series of NFTs. But the move was widely criticized by fans, with operators of one of the most popular fan sites calling it a “cash takeover”.
A request for comment sent to Neopets had not been responded to at the time of publication.