A rogue hacker has reportedly stolen over 69 million Neopets accounts, and is currently attempting to sell the information for roughly $92,000 in bitcoin.
Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other members of the community. Users can spend real money to unlock extra costumes, remove ads, and gain access to extra game perks. However, memberships can only be purchased with a credit card and identifying information. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.
The community fansite Jellyneo reported that the hacker was able to obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. This morning, Neopets acknowledged that “customers’ data may have been stolen.” However, it did not acknowledge the size of the breach, or whether or not credit card information was also affected. Neopets staff also asked users to change their login passwords. Kotaku reached out to Neopets to ask whether or not financial data had been compromised, but did not receive a response at the time of publication.
Jellyneo claimed that email address, passwords, gender, IP addresses, countries, and birthdays were all being sold on a “hacker website” for 4 bitcoin. At the time of writing, 4 bitcoin is worth $92,072. Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. Neopets is currently working with a forensics firm and law enforcement in order to investigate the breach.
This isn’t the first time that Neopets had run afoul of the community in the past year. Last September, fans were in uproar as the staff announced that they would be participating in an NFT collaboration. And going back even further, Neopets had another major breach in March 2021 where hackers had stolen rare pets and sold them on the black market. While the site has continued to attract a cult following, some of that community has included hackers who promote a black market of Neopets where digital animals end up stolen from their owners.