A hacker claims to have stolen information from Neopets, the long-running virtual pet website, affecting the service’s 69 million users.
The hack was confirmed by posts from Neopets’ official Twitter and Instagram accounts on July 20, with a tweet informing the public that the company “recently became aware that customer data may have been stolen” and had initiated an investigation. forensic company to investigate. Social media posts did not give more information on the extent of the hack, but suggested that all users of the site change their passwords as a precaution.
Neopets recently realized that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensic firm. We are also engaging law enforcement and improving the protection of our systems and user data. (1/3)
— neopets (@Neopets) July 21, 2022
According to details reported by BeepComputer, a hacker named TarTarX began offering data for sale on a hacking forum on Tuesday. The hacker reportedly solicited a price of 4 Bitcoins for the data, which equates to approximately $90,500.
Details of a database schema shared by the hacker suggest that the data stolen includes not only usernames, emails and passwords, but also date of birth, zip code, the gender and country of the users, which increases the risk that they can be used for phishing or otherwise. defraud users into the wrong hands.
The forum post authored by the hacker also claims that he continues to be able to access the live version of the Neopets site database – a fact. BeepComputer reports as confirmed by the owner of the hacking forum where the data was posted. If true, this suggests that even the precautionary measures advised by Neopets would be insufficient to protect a user’s account from unauthorized access.
First launched in 1999, the Neopets site has suffered from a number of security breaches in recent years, particularly after Viacom changed ownership to JumpStart Games in 2014. In 2016, a similar data breach occurred. leads to potentially tens of millions of user details. being stolen and traded on hacking forums. And in 2020, security researchers discovered that access to the site’s entire codebase was being sold due to administrator credentials being written directly into code sections discovered by pirates.
More recently, the Neopets franchise has sought to pivot to the metaverse, turning its beloved characters into a line of NFTs. But the move was widely criticized by fans, with the operators of one of the most popular fan sites describing it as a “money grab”.
A request for comment sent to Neopets had not received a response at the time of publication.