Neopets , the virtual pet website , was hacked and harmed 69 million users of the service. The attacker confessed to entering the site and via tweets and Instagram posts . The company reported the invasion last Wednesday (20).
In the tweet, Neopets warns its customers that it “recently became aware that customer data may have been stolen” and that it had already hired a forensic organization to investigate the case. Social media posts did not provide further information on the cybercriminal’s reach, but recommended that all platform consumers change their passwords as a precaution.
According to BleepingComputer, the hacker named TarTarX started selling the information collected on a cybercriminal forum and would be asking for the value of 4 Bitcoins for the data, equivalent to approximately $90,500.
Furthermore, it is suspected that the stolen data includes not only usernames, emails and passwords, but also the users’ date of birth, zip code, gender and country, increasing the chance that they could be used to phishing or to spoof users into the wrong hands.
In a statement, the forum also reports that criminals may still have access to the Neopets website’s database, a fact that BleepingComputer says is confirmed by the owner of the hacking forum where the data was posted.
If this information comes true, it can be said that even the precautionary measures taken by Neopets are not enough to protect an attacker’s account.
The Neopets platform opened in 1999 and since then has experienced numerous security breaches and intruder issues, particularly when ownership changed hands from Viacom to JumpStart Games in 2014.
A similar case happened in 2016, which caused tens of millions of user details to be stolen and traded on hacking forums.
Currently, Neopets is looking to play in the metaverse, altering its characters in a lineup of NFTs. However, the brand’s fans did not like the idea very much and this suggestion was highly criticized.