Page 1 of 4 123 ... LastLast
Results 1 to 10 of 35

Thread: PSA: Live vulnerability discovered, account details stolen via multiplayer games

  1. 03-03-2025 #1
    samsepiol
    samsepiol is offline
    samsepiol's Avatar
    Joined
    Jul 2021
    Posts
    205
    Userbars
    18
    Thanks
    36
    Thanked
    1,080/192
    DL/UL
    1/0
    Mentioned
    8 times
    Time Online
    62d 20h 6m
    Avg. Time Online
    1h 6m

    PSA: Live vulnerability discovered, account details stolen via multiplayer games

    From Jellyneo:

    Jellyneo has recently been given information on a live hack on the Neopets website. Playing the multiplayer games Kacheekers, Geos, and Armada can lead to your account details being maliciously stolen.

    This information has already been reported to TNT via ambassadors. Until a fix is confirmed, do not visit any pages for Kacheekers, Geos, or Armada.

    If you have played these games in the last several days, we recommend changing your password ASAP.
    How it works (allegedly):

    During a multiplayer session of one of these games, the hacker injects malicious code which redirects the player to their petpage which displays a fake login page and then spits that information onto the coding for one of your own pet's petpages, allowing them to view your credentials in plain text.

    TNT appears to be actively removing (not disabling, REMOVING) these games on the fly. As of today, these games may become lost media.
    Last edited by samsepiol; 03-04-2025 at 12:11 AM.
    Reply With Quote Reply With Quote

  2. The Following 33 Users Say Thank You to samsepiol For This Useful Post:

    Aero (03-05-2025),AmandaBynes (03-04-2025),Buizel (03-04-2025),DarkSkies (03-03-2025),Delibird (03-04-2025),Diglett (03-04-2025),Erik. (03-04-2025),Eusexua (03-07-2025),Excalibur (03-04-2025),Fennekin (03-04-2025),Fiore (03-04-2025),Gormos (4 Weeks Ago),GrarrlMunch (03-04-2025),gratitude (03-08-2025),Halloqueenie (03-04-2025),kittyray (03-03-2025),knuckles (03-03-2025),kretyn (03-04-2025),Loona (03-03-2025),Margarita (03-04-2025),Meepit (03-04-2025),mistook (03-03-2025),pikapika                     (03-04-2025),Sakuras (03-04-2025),sallys (03-04-2025),Slowpoke                     (03-03-2025),soupwithnoodles (03-04-2025),synthetic (03-04-2025),The Archer (03-03-2025),Thunders                     (03-04-2025),Woobat (03-04-2025),xCarRadio (03-04-2025),Zenitsu                    (03-04-2025)
  3. 03-03-2025 #2
    Evelynn                   
    Evelynn is offline
    Evelynn's Avatar
    Joined
    Jul 2014
    Posts
    284
    Userbars
    59
    Thanks
    762
    Thanked
    1,454/319
    DL/UL
    19/0
    Mentioned
    51 times
    Time Online
    44d 10h 13m
    Avg. Time Online
    16m
    All I can say to this is lmao
    Thank you Lyrichord for the userbar!
    Reply With Quote Reply With Quote

  4. The Following 13 Users Say Thank You to Evelynn For This Useful Post:

    Aero (03-05-2025),Delibird (03-04-2025),Donatella Versace (03-05-2025),Erik. (03-04-2025),Excalibur (03-04-2025),Fiore (03-04-2025),Halloqueenie (03-04-2025),Miri (03-04-2025),Rattata (03-05-2025),Sakuras (03-04-2025),soupwithnoodles (03-04-2025),Woobat (03-04-2025),Zapdos (03-04-2025)
  5. 03-03-2025 #3
    Loona
    Loona is offline
    Loona's Avatar
    Joined
    Nov 2016
    Posts
    72
    Userbars
    32
    Thanks
    196
    Thanked
    179/56
    DL/UL
    19/0
    Mentioned
    5 times
    Time Online
    5d 8h 13m
    Avg. Time Online
    2m
    Thanks for posting about this!

    Wtg Neopets lmao
    Reply With Quote Reply With Quote
  6. 03-03-2025 #4
    samsepiol
    samsepiol is offline
    samsepiol's Avatar
    Joined
    Jul 2021
    Posts
    205
    Userbars
    18
    Thanks
    36
    Thanked
    1,080/192
    DL/UL
    1/0
    Mentioned
    8 times
    Time Online
    62d 20h 6m
    Avg. Time Online
    1h 6m
    I'll add more details to this post as this develops but there's some discussion suggesting that the vulnerability forces your active pet's petpage to update with plain text of your credentials.
    Reply With Quote Reply With Quote

  7. The Following User Says Thank You to samsepiol For This Useful Post:

    Sakuras (03-04-2025)
  8. 03-04-2025 #5
    xCarRadio
    xCarRadio is offline
    xCarRadio's Avatar
    Joined
    Feb 2016
    Posts
    891
    Pronouns
    she/her
    Userbars
    63
    Thanks
    1,027
    Thanked
    1,402/597
    DL/UL
    123/0
    Mentioned
    56 times
    Time Online
    27d 13h 56m
    Avg. Time Online
    11m
    Ahhh I'm so glad I don't play those games anymore. What the actual heck?!!!
    Reply With Quote Reply With Quote
  9. 03-04-2025 #6
    Donatella Versace
    Donatella Versace is offline
    Donatella Versace's Avatar
    Joined
    Jan 2014
    Posts
    173
    Pronouns
    He/Him
    Userbars
    30
    Thanks
    328
    Thanked
    378/138
    DL/UL
    51/0
    Mentioned
    20 times
    Time Online
    5d 10h 43m
    Avg. Time Online
    1m
    the way i was playing these earlier........... oop
    Reply With Quote Reply With Quote

  10. The Following 2 Users Say Thank You to Donatella Versace For This Useful Post:

    Daffodil (03-07-2025),Sakuras (03-04-2025)
  11. 03-04-2025 #7
    samsepiol
    samsepiol is offline
    samsepiol's Avatar
    Joined
    Jul 2021
    Posts
    205
    Userbars
    18
    Thanks
    36
    Thanked
    1,080/192
    DL/UL
    1/0
    Mentioned
    8 times
    Time Online
    62d 20h 6m
    Avg. Time Online
    1h 6m
    Quote Originally Posted by Donatella Versace View Post
    the way i was playing these earlier........... oop
    Update your password AND pin to be sure. Playing the game in general doesn't mean you were exposed but it's better to be safe. I also updated the post with the info we have about how it supposedly worked. Being presented with a fake login page during the game would be a giveaway.
    Reply With Quote Reply With Quote

  12. The Following 2 Users Say Thank You to samsepiol For This Useful Post:

    Donatella Versace (03-05-2025),GrarrlMunch (03-04-2025)
  13. 03-04-2025 #8
    pikapika                    
    pikapika is offline
    pikapika's Avatar
    Joined
    Feb 2024
    Posts
    90
    Userbars
    11
    Thanks
    87
    Thanked
    172/63
    Mentioned
    1 time
    Time Online
    5d 8h 1m
    Avg. Time Online
    17m
    Thanks for head up, went to check all my petpage to be sure.
    Reply With Quote Reply With Quote
  14. 03-04-2025 #9
    Halloqueenie
    Halloqueenie is offline
    Halloqueenie's Avatar
    Joined
    Oct 2023
    Posts
    235
    Pronouns
    she/her
    Userbars
    40
    Thanks
    665
    Thanked
    607/204
    DL/UL
    5/0
    Mentioned
    30 times
    Time Online
    13d 13h 33m
    Avg. Time Online
    35m
    Not me desperately trying for a kacheekers trophy

    Reply With Quote Reply With Quote

  15. The Following 2 Users Say Thank You to Halloqueenie For This Useful Post:

    Donatella Versace (03-04-2025),Sakuras (03-04-2025)
  16. 03-04-2025 #10
    Shawn
    Shawn is offline
    Joined
    Jun 2012
    Posts
    1,977
    Pronouns
    He / Him
    Userbars
    69
    Thanks
    6,999
    Thanked
    3,474/1,252
    DL/UL
    17/0
    Mentioned
    267 times
    Time Online
    76d 12h 38m
    Avg. Time Online
    24m
    Sounds like a pretty genius way of manipulating the site's inputs
    Reply With Quote Reply With Quote
Page 1 of 4 123 ... LastLast
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules