A Neopets data breach has resulted in data being stolen for millions upon millions of user accounts. Email addresses, passwords, and other sensitive account information were taken as part of the breach, with more than 69 million accounts being affected.
What's been stolen in this Neopets data breach?
Data breaches are nothing new in the world of gaming; they've happened to plenty of developers, including high-profile studios like Capcom and CD Projekt Red. Now, however, it's the turn of childhood dream factory Neopets to be hit by a data breach. According to the official Neopets Twitter account, the breach has largely affected email addresses and passwords, and the devs strongly recommend you change your password if you want to make sure your account is protected. However, it seems that some members of the Neopets community don't quite agree with this stance.
Initially, Neopets help site Jellyneo posted that the hack was a "live breach", meaning that changing your password was pointless as the hacker could simply get hold of your new password without issue. However, the site has since updated its advice in this regard, concurring with the Neopets dev team and recommending that you change your password as soon as you can. Jellyneo does also point out that since the devs haven't announced that they fixed the breach, you might need to change your password again when they do release one. The help site confirms that emails and passwords, as well as IP addresses, countries, and other sensitive info, were stolen in the breach, and that this information, as well as a copy of the Neopets site's source code, is on sale on the black market right now for 4 Bitcoin (around $94,500 at the time Jellyneo wrote the post, but these things can be volatile).
Gaming data breaches can sometimes be very dangerous
It doesn't look like sensitive payment data was stolen as part of this Neopets data breach. Jellyneo says it doesn't believe payment info is at risk, but it does point out that the Neopets team hasn't confirmed this one way or the other, so there's a chance that Premium or Neocash payment methods could have been compromised. If no payment methods are included in the breach, then it's still a big deal, of course, but it's not as potentially earth-shattering for users as it might be. If nothing else, it does rather give the lie to the Neopets security page, which claims the site has never been hacked for user info or passwords. That page is still live, by the way.
Neopets is a virtual pet site that got its start back in 1999, whereupon many millennial kids immediately signed up for accounts and started looking after pets. The site was snapped up by Nickelodeon owner Viacom in 2005, subsequently changing hands a couple of times before ending up in the hands of Chinese company NetDragon in 2017. It's still active, although it doesn't enjoy nearly as much popularity as it did during the height of its fame. If you loved Neopets as a kid and want to check on your (probably starving) pets, then you should probably do so sooner rather than later. Make sure to change your password while you're at it, too.
