69 million users of Neopets were affected by the hacker's theft of information.
The hack was confirmed by posts from the official Neopets accounts on July 20th and the company hired a forensic firm to investigate. All site users should change their passwords as a precautionary measure, according to the social media posts.
Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. (1/3)
— neopets (@Neopets) July 21, 2022
A hacker named TarTarX began to offer data for sale on a hacking forum on Tuesday. According to reports, the hacker wanted a price of 4 Bitcoins for the data.
There is a chance that the stolen data could be used to phish or otherwise trick users in the wrong hands.
According to BleepingComputer, the owner of the hacking forum where the data was posted confirmed that the live version of the Neopets site database is still accessible. This suggests that even the precautionary measures advised by Neopets wouldn't be enough to protect a user's account from unauthorized access.
The Neopets site was first launched in 1999 and has suffered from a number of security issues in the last few years. In the year 2016 tens of millions of users' details were stolen and traded on hacking forums. In 2020, security researchers discovered that the site's entire codebase was being sold due to administrator credentials that had been written directly into sections of code.
The Neopets franchise looked to turn its beloved characters into a line of NFTs. The operators of a popular fan site described the move as a cash grab.
By the time of publication, the request for comment had not been responded to.