Neopets warns of ongoing data breach affecting 69m accounts

Neopets has suffered a serious data breach, resulting in personal information such as email addresses and passwords from over 69m accounts being leaked.

Users are now being urged to change their password for Neopets and any sites that use their Neopets password.

On Wednesday, community site Jellyneo revealed that Neopets is actively being hacked.

With help from an anonymous tip, they discovered the database and source code for Neopets was being sold on a hacker website. The seller was offering this access to buyers for 4 Bitcoin, which at the time of the breach was revealed was worth around $94,500.

For an additional fee, the seller was offering live access to the database, meaning that even if users changed their password, their information would still be available on the black market.

Neopets support team TNT issued a statement a few hours after the hack was publicised by Jellyneo, stating its acknowledgement of the issue in which “customer data may have been stolen”. The team further stated it was investigating the hack fully and had contacted a forensics firm and law enforcement to aid the investigation. In the meantime, TNT asked users to change their password.

Payment methods are not thought to be at risk, but TNT is yet to respond to this question which is a point of concern for many of its users.

The Neopets website received an update early this morning, which repeats the previous statement from TNT to ensure users are aware of the ongoing matter.

At time of writing, there have been no further updates from TNT on whether financial information is at risk, the source of the hack, or whether the security flaw that allowed external access has been patched.

Users should change any passwords for sites which shared their Neopets password whilst the vulnerability is still unconfirmed to have been fixed.