A hacker is making an attempt to promote what they declare is stolen source code and a database of greater than 69 million consumer accounts from Neopets, a well-liked digital pets web site that launched all the way in which again in 1999. The official Neopets account on Twitter has posted a message saying it’s investigating the information breach and “strongly” recommends that customers change their passwords.
Whether that can do any good is up for debate. A moderator on the Neopets Discord channel says that so long as hackers nonetheless have stay entry to the database, altering passwords is pointless, as they might nonetheless be viewable by the wrongdoer(s).
“We cannot therefore strictly advise you on the best course of action given the circumstances,” the volunteer moderator wrote.
Nevertheless, the advice posted to the official Neopets Twitter account is for all customers to alter their passwords, in addition to for some other websites where they is perhaps utilizing the identical one (which is an efficient safety observe regardless). Neopets additionally promised to offer an update on its investigation when it has extra information to share.
In the meantime, customers have identified that the positioning’s Account Security web page is comically (or tragically) in want of an update. At the time of this writing, it nonetheless states, “Contrary to what many people claim, no one has ever ‘hacked into our site’ and accessed user information, accounts, or usernames.” It goes on to chastise individuals who declare they’ve been hacked, saying they solely accomplish that as a result of “it makes them feel a little better than admitting they have fallen for a scam.” Yeah, Neopets ought to most likely stroll that one again, and soften the aggressive tone, too.
Neopets has not confirmed the total extent of the breach, although a hacker often known as TarTarX is taking credit score and has listed round 460MB of compressed knowledge on the market on a hacking discussion board. They declare it accommodates delicate account knowledge for over 69 million Neopets customers, together with usernames, actual names, e mail addresses, ZIP codes, dates of start, gender, nation, preliminary e mail registrations, and extra.
TarTarX instructed BleepingComputer that it selected to not ransom the information to Jumpstart, the agency that owns Neopets, and as a substitute is fielding curiosity from potential patrons. Furthermore, the proprietor of the discussion board instructed the positioning they had been are capable of confirm the authenticity of the stolen knowledge by registering a Neopets account after which having their particulars despatched to them.
The implication there’s that not solely is the stolen knowledge doubtless professional, however TarTarX seems to nonetheless have entry to the breached database, or at the least did after posting the information dump on the market. TarTarX’s asking worth is 4 Bitcoin, which is presently price $90,580.