As reported by Polygon, more than 69 million Neopets accounts may have had their customer data stolen in a major data breach. A Neopets representative confirmed through Discord that the company is “actively working” on fixing the issue, and later on the official forum and Twitter released a statement addressing the breach. “Neopets recently became aware that customer data may have been stolen,” reads the first tweet. “We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.” According to follow up tweets, both email addresses and passwords used to access Neopets accounts have been affected, so if you’re the kind of person that uses one password for anything, and you have a Neopets account, you might want to get on that. The Twitter account noted that updates will be provided as the investigation continues, but so far there haven’t been any since the initial post (the tweets were posted July 21). Apparently the hacker has listed the data for the sum of four bitcoin, which is about $100,000, so clearly there’s good intentions all round from the hacker. What’s unclear is if any credit card information has been garnered from the user data, as it is possible to spend real world money on the game through its paid subscription tier, as well as various purchasable items. It’s probably been a while since you’ve played Neopets, and due to Adobe infamously ending support for Flash in 2020, much of the game no longer works as it used to. There has been a transition to HTML-5, but obviously not enough has been done to protect the security of its users.
