Neopets data breach exposes personal data of 69 million members

By Lawrence Abrams, Bleeping Computer

Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members.

Neopets is a popular website where members can own, raise, and play games with their virtual pets. Neopets recently launched NFTs that will be used as part of an online Metaverse game.

On Tuesday, a hacker known as 'TarTarX' began selling the source code and database for the Neopets.com website for four bitcoins, worth approximately $94,000 at today's prices.

In a conversation with BleepingComputer, TarTarX says that they stole the database and approximately 460MB (compressed) of source code for the neopets.com website.

The seller claims that this database contains the account information of over 69 million members, and in a screenshot shared with BleepingComputer, you can see the data includes members' usernames, names, email addresses, zip code, date of birth, gender, country, an initial registration email, and other site/game-related information.

While the hacker would not reveal how they gained access to the website, they told us that they did not ransom the data to Jumpstart, the owners of Neopets, but have received interest from potential buyers.

At this time, BleepingComputer has not been able to independently verify the authenticity of the database. However, pompompurin, the owner of the Breached.co hacking forum, verified the hacker's claims by registering an account on Neopets.com and being sent their newly created record from the database.

"Vouch, I registered an account on the website and he sent the full entry," pompompurin posted to the Breached.co forums.

Furthermore, this verification showed that TarTarX continued to have access to the neopets.com site even as they began selling the data.


Comments

Post a Comment

Popular posts from this blog

Why remote desktop tools are facing an onslaught of cyber threats

Image
By Solomon Klappholz, IT Pro Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge to IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and ...
Read more

Ransomware gang starts leaking alleged stolen Change Healthcare data

Image
By Lawrence Abrams,  Bleeping Computer The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system , preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack . After facing increased pressure from law enforcement, the BlackCat gang shut down their operation . This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they ...
Read more

Notepad++ wants your help in "parasite website" shutdown

Image
By Ax Sharma,  Bleeping Computer The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack. The lookalike website appears prominently in search results
Read more