Neopets security breach

[Orbit]

(you need an account to see links)
Just got this pop up on the site!

[Shawn]

(you need an account to see links)
Just got this pop up on the site!

Finally, a 100% public notice on-site

[cornishwall]

I dont think you can fix stuff with DB access.
More like change values like NPs, items, pet stats/info, and who knows what else since I don't have much insight into this

As I understand it, it would depend on how Neopets is structured on the backend. They use MS Azure as the host, which I haven't used, but assuming it is similar to AWS and how little of the site is updated, I would imagine there is quite a bit you could mess with beyond pet/account stats and genning items/NP.

It also depends on what method the live database access is based on. If n_t is at all correct/honest about this issue being one many websites are vulnerable to, the access is probably Azure based and would likely let you change anything you want

[phantasia]

(you need an account to see links)
Just got this pop up on the site!

I guess it is about time. So annoying that they waited more than a day to do this. I mean neopets staff is not the people to get in a emergancy

[Dark_dragonz]

They were a bit late, probably relaxed due to how unlikely it is for such a sale to take place within a day. It would've been ideal if they could have just been 100% transparent from the start. I am glad, however, that they have immediately launched an investigation and are hopefully taking the necessary steps to improve their current security.

[cornishwall]

They were a bit late, probably relaxed due to how unlikely it is for such a sale to take place within a day. It would've been ideal if they could have just been 100% transparent from the start. I am glad, however, that they have immediately launched an investigation and are hopefully taking the necessary steps to improve their current security.

I see this as JumpStart/NetDragon legal department letting TnT know they are required by the SEC in the USA to disclose the breach to anyone affected, not TNT being willfully transparent. I can't remember the last time TNT was preemptively transparent

[xmilo]

As I understand it, it would depend on how Neopets is structured on the backend. They use MS Azure as the host, which I haven't used, but assuming it is similar to AWS and how little of the site is updated, I would imagine there is quite a bit you could mess with beyond pet/account stats and genning items/NP.

It also depends on what method the live database access is based on. If n_t is at all correct/honest about this issue being one many websites are vulnerable to, the access is probably Azure based and would likely let you change anything you want

to be honest, im surprised they're even hosted on a cloud based service. i would have thought they're hosted on-site. migration on its own might have taken them some time, especially when they're so short handed and nothing has been fixed in years.

[yesnt]

Well I just logged in to Neopets for the first time in a while to be greeted by the above message... good to see TNT haven't changed much in the time I haven't really been playing

[RealisticError]

I dont think you can fix stuff with DB access.
More like change values like NPs, items, pet stats/info, and who knows what else since I don't have much insight into this

They have access to the source code, could be full server access, in that case they could definitely fix the BD...but more likely they'd just add cookie grabbers/trojans/etc. to the base code.

[Sakuras]

(you need an account to see links)
Just got this pop up on the site!

fucking finally jesus