The personal information of more than 69 million members were exposed in a data breach incident of Neopets. This was revealed by Neopets itself, the company that sells virtual pets.
According to the BleepingComputer, the investigation shows that the attackers were able to access the Neopets IT system from January 3, 2021 until July 19, 2022.
Hacker Sells Neopets Database for Four Bitcoins
The data breach in Neopets proved to be much worse than previously thought. This week, the company revealed that the cybercriminals were able to stay within Neopets corporate IT systems for about 18 months, as per Gizmodo.
The hacker was able to linger in the system for such a long time, and Neopets only discovered the breach after a hacker offered to sell a Neopets database. The database was being sold for four bitcoins.
The Neopets database being sold contained 460MB of "source code and sensitive personal information" for the 69 million members, according to the hacker.
This was confirmed by the company on Monday: "The affected information may include the data provided when registering for or playing Neopets, including name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player's pet, game play, and other information provided to Neopets."
Neopets added that those players that have played before 2015, the non-hashed, but inactive, passwords are also compromised.
The worst thing about the situation is a pseudonymous hacker called "TarTarX" was spotted trying to sell the Neopets database for four bitcoins, as previously mentioned.
According to Neopets, it is important to be "vigilant against threats of identity theft or fraud."
Neopets Improves System's Security
To avoid similar incidents in the future, Neopets employed various ways to further improve the security of their system.
The company also improved its system's security in order to lessen the impact of similar incidents to players.
According to Neopets, they have improved network monitoring in order to detect threats in its early stage. Moreover, to further improve the account access protection, the company decided to strengthen the authentication schemes.
Aside from resetting the passwords, the company also decided to add another defense layer through the implementation of multi-factor authentication.
According to the BleepingComputer, Neopets also issued an announcement opting players to change their passwords, particularly if they are "recycling them for other online platforms or services."
Neopets players are asked to remain vigilant, and watch out for emails that ask for sensitive information, particularly those that are related to banking accounts.
According to Kotaku, next to this data breach, another worse thing that happened to Neopets is its "full-on transmogrification into a crypto-fuelled Metaverse experience."
The company launched an NFT collection last September. Through this, users can buy or trade digital assets of their favorite pets.
Since the launch of its NFT collection, Neopets has been very active in manifesting its Web3 destiny. In fact, the company just announced this Friday that it is launching its "free-to-play Metaverse game."
Related Article: Neopets Hack: Hacker Tries to Sell Info of 69 Million Users for Bitcoin