We have some serious news today. Thanks to an anonymous tipster, we've been made aware that the database and source code for Neopets.com has been breached, and over 69,000,000 user accounts have been exposed.
Full account information, such as email address, passwords, gender, IP addresses, countries, and birthdays are available for sale on a hacker website.
Access to the full database and a copy of Neopets.com source code is being offered for 4 Bitcoin (~$94,500 USD at time of writing). For an additional fee, the seller is offering live access to the database.
You may have read or heard of some reddit posts being made over the past few months by a user who claims to have had live access to the Neopets database and source code since late last year. (Posting about things such as users who gamed the Mystery Pic contest with the Scary Tree Stamp as a prize, or users who have been shadowbanned from the Altador Cup.) TNT has failed to address this security leak, and now we're finding someone else selling access on the black market.
What Can I Do to Protect My Account?
Due to the nature of live access being available, we do not recommend changing your account password or PIN at this time. (The hacker and/or buyer could just get a new copy of whatever you changed your password to with their live access.) We will post an update when it's safe to update your account credentials.
This isn't the first time the Neopets.com site has been breached, and is likely not the last. We cannot emphasize enough that you should be using unique passwords across every website. If you share your Neopets.com password with any other websites, those accounts are highly at risk. Paying $95k to hack Neopets accounts seems pricey, but the value in a purchase like this will be the ability to test your Neopets.com password on many other sites in brute force attacks. Upgrading your digital lifestyle to include a password manager, such as 1Password, will greatly reduce your risk going forward.