Much-loved virtual pet platform Neopets has asked users to update their passwords after experiencing a major data breach.
Information including login details, birthdates and even IP addresses may have been accessed in the leak.
Unverified reports claim the website’s entire database has been put up for sale online, with popular fan site Jellyneo stating all 69 million user accounts have been breached.
Neopets itself hasn’t confirmed exactly how many users are affected, nor has it commented on claims its database is being advertised online.
In an email sent to users Monday, the firm said it has reset players’ passwords and is now working on introducing multi-factor authentication.
The firm also detailed the kind of data potentially accessed, confirming both new and old accounts had been affected.
Neopets first discovered its IT systems had been breached back in July and, on August 10, it determined that personal data had been accessed.
This week, the firm told users that attackers may have accessed the following information for players who registered after 2015:
- Names
- Email addresses
- Usernames
- Dates of birth
- Gender
- IP addresses
- Neopets PINs
- ‘Hashed’ passwords
- Pet information
- Game play information
‘Hashing’ is a data-scrambling technique often used for authentication purposes. It isn’t usually possible to unscramble data after it’s been hashed.
Concerningly, the potentially-breached passwords of users who registered before 2015 were not protected in this way.
So if you had an account way back when — even if it’s been inactive for years — there’s a chance your old password has been stolen.
The firm has urged all registered users to update their password on Neopets and anywhere else it’s used.
The company said in a statement on its website: ‘We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.
‘It appears that email addresses and passwords used to access Neopets accounts may have been affected.’
‘We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords.’
The firm says its information seems to have been accessed between January and February 2021, or in mid-July of this year.
What is Neopets?
Launched by British game designers Adam Powell and Donna Williams in 1999, Neopets became a worldwide phenomenon in the early 2000s.
Aimed at children, it primarily allows users to adopt, feed and play with fantasy pets that lived in virtual ‘Neopia’.
In addition to exploring its rich in-game mythology, Neopets allows users to travel to various themed regions, build houses, create shops and chat with other players.
Users can also buy and trade virtual items using the website’s ‘Neopoints’ currency, which can be earned by completing tasks and games.
Initially launched as a completely free platform, in 2007 Neopets introduced a second virtual currency — ‘Neocash’ — which can be purchased with real money or won by chance on the website.
Currently owned by JumpStart Games, the site was originally purchased from its creators by US comms giant Viacom for $160m in 2005.
Although Neopets itself has remained largely unchanged, a banner on the website promises it is now being optimised for mobile devices.
Source: Read Full Article