A hacker claims to have stolen data from Neopets, the long-running digital pet web site, affecting 69 million customers of the service.
The hack was confirmed by posts from the official Neopets Twitter and Instagram accounts on July twentieth, with a tweet informing the general public that the corporate “not too long ago turned conscious that buyer knowledge could have been stolen” and had employed a forensic agency to research. The social media posts didn’t give additional details about the scope of the hack however prompt that every one website customers change their passwords as a precaution.
Neopets not too long ago turned conscious that buyer knowledge could have been stolen. We instantly launched an investigation assisted by a number one forensics agency. We’re additionally participating legislation enforcement and enhancing the protections for our techniques and our consumer knowledge. (1/3)
— neopets (@Neopets) July 21, 2022
Based on particulars reported by BleepingComputer, a hacker named TarTarX started to supply knowledge on the market on a hacking discussion board on Tuesday. The hacker was reportedly soliciting a value of 4 Bitcoins for the info, equal to roughly $90,500.
Particulars of a database schema shared by the hacker counsel that the stolen knowledge consists of not solely usernames, emails and passwords but additionally customers’ date of start, zip code, gender, and nation — compounding the possibility that it may very well be used to phish or in any other case defraud customers within the mistaken palms.
The discussion board put up made by the hacker additionally claims that they proceed to have the ability to entry the reside model of the Neopets website database — a reality BleepingComputer stories as being confirmed by the proprietor of the hacking discussion board the place the info was posted. If true, this implies that even the precautionary measures suggested by Neopets could be inadequate to guard a consumer’s account from unauthorized entry.
First launched in 1999, the Neopets website has suffered from quite a lot of safety lapses in recent times, significantly after possession modified palms from Viacom to JumpStart Video games in 2014. In 2016, an identical knowledge breach led to probably tens of millions of users’ details being stolen and traded on hacking boards. And in 2020, safety researchers discovered access to the site’s entire codebase being sold as a result of administrator credentials that had been written immediately into sections of code found by hackers.
Extra not too long ago, the Neopets franchise has occasion appeared to pivot into the metaverse, turning its beloved characters right into a line of NFTs. However the transfer was extensively panned by followers, with the operators of one of the crucial common fan websites describing it as a “money seize.”
A request for remark despatched to Neopets had not been answered by time of publication.