Neopets has suffered a data breach that exposed the personal information of over 69 million members.
Neopets is a virtual pet website. Users can own virtual pets (“Neopets”) and buy virtual items for them using one of two virtual currencies. One currency, called Neopoints, can be earned within the site, and the other, Neocash, can either be purchased with real-world money or won by chance in-game.
On Tuesday, a hacker known as ‘TarTarX’ began selling the source code and database for the Neopets.com website for four bitcoins.
In a conversation with BleepingComputer, TarTarX says that they stole the database and approximately 460MB (compressed) of source code for the neopets.com website.
The seller claims that this database contains the account information of over 69 million members, including members’ usernames, names, email addresses, zip code, date of birth, gender, country, an initial registration email, and other site/game-related information.
After the news of the breach spread online, the Neopets team, designated by the TNT abbreviation, has confirmed on Discord that they are aware of the security incident and working on resolving it.
“We should note that the effectiveness of changing your Neopets password is currently debatable as long as hackers have live access to the database, as they can simply check what your new password is,” reads an announcement on the Neopets Discord server.
“We cannot therefore strictly advise you on the best course of action given the circumstances.”
