Posted on July 24, 2022 at 4:42 AM
Neopets Becomes Victim Of Data Theft After 69 Million Member Accounts Were Exposed
Virtual pet website Neopets has become the latest victim of a hacking incident after suffering a data breach. Hackers stole source code and a database with personal information of more than 69 million members from the website.
Neopets provides virtual pet services where members can register and own, raise, and play with their virtual pets on the platform. The firm recently introduced nonfungible tokens (NFTs) that will be used as part of an online Metaverse game.
However, the platform was exposed by a hacking group called “TarTarX”, who started selling the site’s stolen source code and database for four Bitcoins, worth about $94,000 at the time of writing. While conversing with BleepingComputer, TarTarX stated that they are responsible for the hacking incident and have stolen 460MB of compressed source code from the platform.
The Data Contains Usernames And Passwords Of Members
The group shared a screenshot of the stolen data as proof that they are responsible for the hack. In the screenshot, the stolen data includes the names of the members, their email addresses, usernames, gender, country, zip code, and other personal details.
Although the hackers didn’t reveal how they gained access to the site, they stated that the data was not offered the data for ransom to the owners of the website. However, offers for the data have already started coming from interested buyers.
The authenticity of the stolen data has not been verified. However, the owner of the Breached.co hacking forum, pompompurin, stated that it verified the hacker’s claims by registering a new account on Neopets.com. The forum owner stated that the virtual pet platform sent its newly registered record from the database.
“Vouch, I registered an account on the website and he sent the full entry,” pompompurin stated on the Breached.co forum.
Additionally, the verification goes to an extent to show that TarTarX still has access to the site of the virtual pet even when they started selling the data.
The Hackers Are Still In Control Of The Database
After the news of the hacking incident spread online, the Neopets handlers confirmed on its unofficial Discord server that the site has experienced a security incident and is seriously working to resolve the issue.
The team further warned that changing passwords on the Neopets platform may not be helpful to secure their accounts if the threat actors are still able to access their servers. The team added that since the hackers still have access to the database, they can still check the new details even when the user changes it.
“We cannot therefore strictly advise you on the best course of action given the circumstances,” the team admitted.
However, they advised that users who are sharing the same password with other accounts online should change them as soon as possible to protect their other accounts. Members have been advised to use a strong password and multi-factor authentication methods to protect their other passwords online.
Neopets have also urged its member to access more security tips on its help site Jelleyneo or n the Jelleyneo Twitter account where other members monitor any official update from the Neopets team.
Neopet Has Been Targeted In The Past
This is not the first time the Neopet website will be targeted. In 2016, hackers started circulating data believed to be from the website in a hacking incident that occurred in 2012.
Efforts have been made to reach Jumpstart, the company behind Neopets, but have been unsuccessful as the company has not replied as of press time.
But the Twitter account of Neopets has shared a statement regarding the incident. The company stated that it is aware that customers’ data may have been compromised and stolen from the attack. The platform announced that an investigation was launched as soon as the attack was detected. Following the investigation, with the assistance of a forensics firm, the company is now engaging law enforcement for further inquiry. The platform stated that it seems that the hackers exposed the passwords and email addresses used to access the website.
The investigation is ongoing, and Neopets have promised to keep members updated on any latest development regarding the breach. Since this is not the first time Neopets will e attacked, the company would need to improve its security infrastructure to strengthen the confidence of users that their data is secured.