Neopet’s security breach may have compromised millions of user accounts
Virtual pet website Neopets has been exposed to a major security breach that may have involved 69 million user accounts.
Confirms the breach of Discord, a Neopets representative said the company is “working on” a response. Hours later, the company took to Twitter to address the breach.
“Customer data may have been stolen,” read the first of one three-part tweet. “We immediately launched an investigation assisted by a leading investigative firm. We are also engaging law enforcement and improving protections for our systems and our user data.”
Neopets has advised all users to change their email addresses and passwords, especially if these passwords have been used elsewhere. “As our investigation continues, we will update you as needed,” the company continued. “We really appreciate your understanding and patience at this time.”
The news of the breakup came first Neopets community site JellyNeo after the alleged hacker offered to sell “the complete database and source code.” The source code includes, among other things, personal information for all users and direct access to the database that will allow any potential buyer to change data, credits and pets in the game.
At the time of writing, it is unclear whether credit card information has also been compromised. Users can purchase the title’s in-game NeoCash currency with their credit card, along with a paid subscription tier that includes premium features such as unlocking dedicated forums and removing ads.
The hacker currently intends to sell the information for the price of four Bitcoin, which converts to around $100,000.
Another Neoday in your life Neopets
When it was launched in November 1999, Neopets‘ claim to fame was allowing users to create their own virtual pets and care for them, similar to Tamagotchis. Like other online communities, it features events themed around real-life holidays in addition to its own economy and interactive storylines. The game also served as a gateway into game development for several developers, including Fullbright’s Nina Freeman.
This is the second time in recent years that Neopets has been hacked. In 2016, tens of millions of accounts were compromised, resulting in the distribution of sensitive user information. Some Neopets however, users also used this information for their own purposes, stealing in-game Neopoints and ultra-rare pets from other players.
Publisher of educational games JumpStart Games acquired Neopets in 2014. JumpStart itself was then acquired by the Chinese network operator NetDragon in 2017. Last year, Neopets the community criticized JumpStart for allowing Metaverse NFTs.