Email addresses, passwords and zip codes are all believed to have been stolen by the hacker
Image: Getty via Denis
Neopets, a site that allows users to collect digital pets and trade pet-related items, has been hit by a data breach that is thought to have affected approximately 69 million users.
Sensitive information such as email addresses, passwords, country, zip code, gender and birthdays are all included in the leaked database.
A user of a hacking forum called ‘TarTarX’ was spotted advertising the entire database in exchange for 4 bitcoins (about $90,000 at the time of writing), as reported first by BleepingComputer.
The owner of the hacking forum Breached.co, a user named “pompompurin,” verified the claims by creating a new account and requesting the details, which TarTarX was able to produce, according to the report.
The hacker indicated that they did not demand a ransom from Neopet owner JumpStart Games, but wanted to sell it to interested parties via their forum post. The exact method of the infringement is still unknown.
Addressing the problem on Twitterthe company stated:
“Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation, assisted by a leading forensics firm. We are also engaging law enforcement and improving the protection of our systems and our user data.”
The breach is the latest in a history of similar events for Neopets, which launched in 1999. 2016, it has been reported that the company database had already been breached in 2012, with 70 million records leaked. It was also claimed at the time that these passwords were stored in plain text.
Neopets recently announced their own series of NFTs, which will be used in an unreleased Neopets Metaverse game. Users can already earn currency known as Neopoints on the website to spend on items. There is also Neocash, a currency used to purchase special items, which has a chance to be won from games or can be purchased by users at a rate of 100NC per $1.
“Again, this story is a perfect illustration of why patching vulnerabilities is the most important thing a company can do to protect itself,” said Jamie Akhtar, CEO and co-founder of cybersecurity company CyberSmart.
“While we don’t know the details of the breach, it was likely that Neopets had performed regular vulnerability testing and regular patching to customers. In the meantime, however, we agree with Neopets’ advice that customers should change their password as a matter of urgency.
“And avoid using anything too similar to the original. Now that the hackers have the information, they can very easily try multiple combinations until they access accounts.”
© Dennis Publishing