Neopets data breach exposes 69M accounts, source code

[Spotty]

Summary

The online children's gaming website Neopets has suffered an extensive data breach with the database of 69 million accounts being exposed along with the sites source code. The hacker appears to still have access to Neopets systems (as of 20/07/2022).

 

Quotes

Quote

Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members.

On Tuesday, a hacker known as 'TarTarX' began selling the source code and database for the Neopets.com website for four bitcoins, worth approximately $94,000 at today's prices..
The seller claims that this database contains the account information of over 69 million members, including members' usernames, names, email addresses, zip code, date of birth, gender, country, an initial registration email, and other site/game-related information.

^{Source: Bleepingcomputer, via hacking forum}

 

Quote

After the news of the breach spread online, the Neopets team, designated by the TNT abbreviation, has confirmed on Discord that they are aware of the security incident and working on resolving it.

"We should note that the effectiveness of changing your Neopets password is currently debatable as long as hackers have live access to the database, as they can simply check what your new password is," reads an announcement on the Neopets Discord server.

"We cannot therefore strictly advise you on the best course of action given the circumstances."

However, if you use the same Neopets password on other sites, you are strongly advised to change your password on those sites to a different one.

 

My thoughts

Nice...
I'm actually surprised Neopets is still going after over 20 years. I remember it from when I was a kid and that was what feels like a long time ago.

 

Changing passwords on Neopets.com won't help as the hacker, who still has access to the system, would still have access to any new password you enter. It is still recommended to change passwords on any other websites you may have used that password on. This is another good reminder that you should use unique passwords for each site/service.

Most people on this forum are probably too old to be playing neopets still, but some might have kids who play it. If your kids played Neopets this might be a good opportunity to talk to them about internet safety and account security.

 

 

Sources

https://www.bleepingcomputer.com/news/security/neopets-data-breach-exposes-personal-data-of-69-million-members/

[SignatureSigner]

not so Nice

[Motifator]

Well, what is it...
 

 

[starsmine]

Shit again? this is like the third time for them, poor guys
the first one(2013) was oof but also was back then passwords were stored in plain text (since no one updated that back end, or knew about it as the team had changed hands so many times, same old system from the 90s), at least this time it was salted and hashed which they learned about after.
dont know much about the 2nd one in 2020.

this one, being actively in the system so changing passwords is not helpful is damn impressive.

[Motifator]

Oh yeah, I now remember. This has happened before in past for this company. The pony incident tends to be forgettable, though... (lol).

Also, the hacker doesn't seem the wisest as he uses the GIVE ME BTC OR I WILL XYZ method. Literally one of the most dumbfounded ways to ask for stuff because it's the default mail that you get when somebody spams you that your porn archive is in their hands with your webcam data or whatever the heck. 

Virtual petting doesn't deserve any better though.

[TetraSky]

Oh no... Sucks for current users, but I doubt any old timer who used to play neopets years ago have anything to worry... Unless they are dumb enough to still use the same email and password for everything.

 

Last I checked neopets to replay an old game, half the games didn't work because they were still flash based after flash got trashed on our browsers. No idea if they ever fixed that.

[BiotechBen]

Neopets is still around? Don't even know what username or password I would have used back then....

[starsmine]

21 minutes ago, TetraSky said:

Oh no... Sucks for current users, but I doubt any old timer who used to play neopets years ago have anything to worry... Unless they are dumb enough to still use the same email and password for everything.

 

Last I checked neopets to replay an old game, half the games didn't work because they were still flash based after flash got trashed on our browsers. No idea if they ever fixed that.

I just checked and nope, most of the games were lost to the transition.
I did go back to neopets for a while as an adult in college in the mid 2010s, but neopets getting bought by jumpstart and most of TNT getting lost in the transition and half the stuff breaking in the server transfer soured me. Jumpstart really had zero idea what to do with it at the time. I heard they tried to bring back some of the old style events, but I wasnt there to participate. 

[Arika]

Quote

I'm also selling the full access to the database, so you can modify data, credits or in-game pets, attributes... EVERYTHING you want.

is the target market for all the user data and source code really the same people that would want to give themselves all the money and pets?

[leadeater]

Ah crap, I had an account on there.... too long ago I'm not going to say lol

[GhostRoadieBL]

Oh no! Wait neopets is still a thing? That's like hearing newgrounds had a data breach and they stole everyone's flash game highscores. I'm fairly sure most people will be able to recover from childhood password losses.

[rcmaehl]

Oh, maybe they can find my account from elementary school and reset my PW for me since I forgot everything.

 

Also, isn't neopets owned by the Church of Scientology

[starsmine]

4 minutes ago, rcmaehl said:

 

 

Also, isn't neopets owned by the Church of Scientology

No, and it never was. An early CEO was a scientologist, the church itself had very little influence on it, and that CEO was largely kowtowed by the two creative leads who made neopets anyways.

[williamcll]

ouch