How To Avoid Being Cookie Grabbed On Neopets

Avoid all guild pages.

The recent CGing fiasco that took place has been using the same security flaw as the others that have occurred within the previous 4 years.

Just looking out for the community as the staff over on that game site obviously do not care about their members. This has been known for the longest time yet still works?!

For anyone who thinks they might have been affected by this, just clear your cookies and log back in. Change your PW to be completely safe.

I got an unrelated guild invite earlier today and freaked the fuck out when I heard about this CGing fiasco.

Stay safe, everyone!

Thanks for the warning joe, hope no one from clraik was affected.

i can't believe tnt made userlookup and petpage filters stricter than ever but haven't touched guilds one bit

thanks for the heads up, joe!

Thanks for the heads up! That's just wrong :/

My motto is that if I don't know the person sending me a link or a friend request, then I just delete it. TNT has proven time and time again that they're too lazy to fix the flaws in their site so it's up to us to protect ourselves.

I pay for premium but idk why anymore because they don't care about us. I am quitting giving those fucks money.

You deleted the post from PBM that I quoted countering his argument, delete please... :)

Download noscript if you are really worried , most if not all of these exploits use a external .js file. So white list stuff on neopets.com and dont allow external javascript.

i will for sure download this. cheers darkbyte

As bad as it is, I find it funny when a big-name player gets compromised over this. It's so EASY to avoid being CGed. To each their own. TNT really should have a way at preventing them, however I think players should know better than to view a random guild. Shady things will always be shady folks!

Luckily I never join guilds haha. Thanks for the heads up buddy:tiger:

I am a solo runner.. I don't think I've joined a guild since I started playing. Thanks again though

You're welcome everyone. :)

Is this patched now?

scary stuff!! thanks for letting me know!! I probably would have gotten CGed this way knowing me, lol.

Is this patched now?

Yes. Was just patched earlier today.

Can I get CG from other websites too? like normal website. can they steal my credit card numbers and other paypal account?

Oh wow, thanks for this. To think I was considering joining a guild, perhaps now isn't the time. D:

well this explains a lot.. I was wondering how someone got my side account. I was on it and got logged off. tried to log back on and couldn't. this is probably exactly what happened. thanks for the heads up. sucks im just now reading this though

well this explains a lot.. I was wondering how someone got my side account. I was on it and got logged off. tried to log back on and couldn't. this is probably exactly what happened. thanks for the heads up. sucks im just now reading this though

You weren't CGed. CGing does not allow someone to access your password.

A CGer will give you the users cookies for a specific site, which is what allows you to stay logged in. By switching out their neologin cookie with yours, it will log them into your account without a password being needed.

Also, the guild CGer has been patched for a few weeks now.