Erik. (12-28-2020),Extraterrestrial (12-28-2020),kittyray (12-28-2020),Oneiros (12-28-2020),Prose Edda (12-29-2020),Stardust (12-28-2020)
holy fuck this is crazy. props to TNT for fixing it but also fuck TNT and their outdated site/terrible site update.
edit: here's an article
(you need an account to see links)
Last edited by Sakuras; 12-28-2020 at 08:11 AM.
Erik. (12-28-2020),Extraterrestrial (12-28-2020),kittyray (12-28-2020),Oneiros (12-28-2020),Prose Edda (12-29-2020),Stardust (12-28-2020)
Two breaches within 4 years of each other, passwords stored in plaintext, only deciding to add security questions in 2020 a.d., and now this? It's getting downright comical at this point.
A black comedy, sure, but still comical.
cooldan94 (12-28-2020),glittery (12-29-2020),jbujbu (12-28-2020),My name is Yoshikage Kira (12-28-2020),Prose Edda (12-29-2020),Sakuras (12-28-2020),txtsd (12-28-2020)
Erik. (12-28-2020),Prose Edda (12-29-2020)
Wow, that's so scary. After so many years, that have not decided to up their cybersec game when its so prevalent?
Prose Edda (12-29-2020)
TNT wrote an update on Twitter:
(you need an account to see links)
Zapdos (12-29-2020)
This is weird because this statement does not gel with what the whitehat hackers were saying at all. Which is pretty typical, don't get me wrong, but I find it really gross.
Ultimately they tacked on some BS to the latest editorial.
(you need an account to see links)
Hey Neopians, We'd like to begin by saying the safety of our users' information is a top priority for us. As some of you may be aware, this weekend our team was notified of a claim about potential ways for outsiders to gain access to user information or data on Neopets. After looking into the claim, we�ve verified that all personal user information remains securely protected, and no current data was exposed.
For more details, please see below:
1. No credit card information has been accessed by any outside parties.
- Neopets does not store this information on our servers � it�s stored on separate payment platforms and is completely secure.
2. User account password information was and remains inaccessible by any outside parties.
- User passwords are not stored in plain text.
- No current or active accounts were exposed (all Neopets passwords were force reset in 2016).
3. We do not store user data in our code.
- After some investigation, our team found that some information that was publicized was from an old monitoring server with some folders of web page code exposed. This code only contained old internal testing data, including fake email and street addresses for internal testing purposes, which are no longer in use.
- All personal user information is securely stored behind a firewall with a layered security system. We did find that an Industry Standard Server Status Page containing very limited current connectivity information was able to be accessed in specific instances. All of these have now been secured and are no longer able to be accessed.
4. The team cleaned up some areas that were found with old data and reviewed all touchpoints involved.
- User data and the security of our site is extremely important to us. As we continue to make sure all data is completely secure, we�d like to reassure the community that no user or account information was accessed.
As usual, we recommend frequently updating your password to further safeguard your account. Visit (you need an account to see links) and get started.
In addition, our privacy policy can be found (you need an account to see links)
Editing to add, I've been following the two guys on Twitter because I find their work really interesting. (John & Nick are the ones who found the vulnerabilities.)
Last edited by PrettySarcastic; 12-28-2020 at 09:49 PM.
graphics by Flordibel & Menine <3
cornishwall (12-29-2020),Extraterrestrial (12-29-2020),Prose Edda (12-29-2020),Sakuras (12-29-2020),Spiffy (12-29-2020),Worlds (12-29-2020)
TLDR - Just change your passwords, people, it's definitely not going to hurt anything and in fact it can only help keep your accounts more secure. Just don't screw up and forget what you changed it to.
(you need an account to see links)
graphics by Flordibel & Menine <3
Ariealle (12-29-2020),Buizel (12-29-2020),cornishwall (12-29-2020),Doge (12-29-2020),Extraterrestrial (12-29-2020),glittery (12-29-2020),hissi (12-29-2020),Ice (12-29-2020),kittyray (12-29-2020),Meepit (12-29-2020),Mimikyu (01-05-2021),mokavanila (12-30-2020),nataurs (12-29-2020),Nyanobyte                      (12-29-2020),Prose Edda (12-29-2020),Sakuras (12-29-2020),Spiffy (12-29-2020),Stardew (12-29-2020),TsUNaMy WaVe (12-30-2020),txtsd (12-29-2020),Worlds (12-29-2020)
I am thankful I changed my password and such...this scared me considering I have a few precious in storage
Buizel (12-29-2020)
Well I'm glad they've finally started encrypting passwords after those other two leaks of ~70 million usernames and passwords. Sort of. Provided they don't get decrypted with the help of exposed salt that's just lying around on their servers, apparently. At least there's that...
(Jfc the August data is available online, too!? W O W)
The nightingale sings out of spite.
oh holy fuck, as of 12/28....