Neopets, an internet site where people today interact with virtual animals, play online games, and trade pet goods, has had its user database stolen.
In a shorter Twitter thread (opens in new tab), the website verified the breach, implying that it has alerted the authorities and hired a top forensics business to investigate the situation.
It appears that e-mail addresses and passwords used to access Neopets accounts have been affected. We strongly recommend that you modify your Neopets password. If you use the same password on other websites, we strongly suggest that you also modify all of those passwords.
An ongoing situation remains.
Regardless, this appears to be a permanent breach, caused by a vulnerability that may not have been patched. As such, end users may be forced to change their passwords once again, immediately after parent company TNT patches the vulnerability.
According to TNTs recommendations, you should change your password (through My Profile). Nevertheless, TNT has not verified that the vulnerability has been patched yet again, advises a publish on Jellyneo (opens in new tab), a well-known Neopets assist website.
This website was also the primary to disclose additional information about the hack. Apparently, knowledge on a lot more than 69 million individuals was compromised, together with lots of delicate and individually identifiable facts, such as e-mail addresses, genders, IP addresses, international locations, and birthdays all the elements vital for id theft (opens in new tab).
The whole databases (opens in new tab) is said to be for sale on the black market place, for a total of 4 bitcoin, which is really worth about $91,500 at push time. The seller claims that the purchaser may also acquire dwell access to the database for an additional charge.
TNT is only there to ensure that no matter if the sites payment strategies have been compromised. Even though Jellyneo claims we do not believe payment methods have been violated, there is no official confirmation.