Lmao imagine someone actually uses the breach to fix the site... that will be a true hero, nothing like n_t.
But yeah it probably won't happen. These people don't have any reason to do it, they just look for profit.
Lmao imagine someone actually uses the breach to fix the site... that will be a true hero, nothing like n_t.
But yeah it probably won't happen. These people don't have any reason to do it, they just look for profit.
(you need an account to see links)
(you need an account to see links) || (you need an account to see links)
I̶ ̶w̶a̶n̶t̶ ̶t̶h̶e̶ ̶b̶a̶k̶a̶ ̶u̶s̶e̶r̶b̶a̶r̶ ̶v̶e̶r̶y̶ ̶m̶u̶c̶h̶!̶ I GOT IT!!!
I wonder if the guy selling it has gotten any bites. I'm sure they won't get the 4BTC they were originally after now that it's all over the security news outlets and jumpstart is aware.
If the sale had gone down in a quieter manner, I'd imagine theyd be able to get a lot more for it than they will be able to get now. I can see it selling for 1BTC maybe.. but 4, no way. That's approaching 100k right there.
Also dont think anybody outside of the neo community or somebody familiar with the game would be too interested in full server access.
What's my definition of success?
Creating something no one else can
Being brave enough to dream big
Grindin' when you're told to just quit
Giving more when you got nothin' left
I saw that. That's definitely not how you should approach somebody who has something you want lol
They are also banned now I believe, so there's that. I do think the 4BTC price tag is a bit high, especially since BTC has been jumping up lately. Maybe for full access to the server and all the files that come with it... somebody could literally host it on their own server and be the new neo with that if they really wanted. Boy that would be an interesting twist.
What's my definition of success?
Creating something no one else can
Being brave enough to dream big
Grindin' when you're told to just quit
Giving more when you got nothin' left
I agree though. I think you would have to be off your rocker to buy this for 4 BTC. Or a neocash whale who just wants thrills. Or a neopets superfan like Jawsch.
No sane, normal person is "investing" this money to make back money. I think the "omg they are trying to hack your bank details" shit is the worst fearmongering. I would be surprised if even 1,000,000 million new entires are genuine since 2016. Most of it is duplicated or the same players over and over again. Since 2016, people have become heightened and hyperaware of databreaches (Facebook, Yahoo, Twitter have all been breached at some point, along with many other small companies) and likely don't use the same passwords (password requirements for neopets are way more relaxed for something like a gmail account or a bank account). Most people have never even used real birthdays and names for their neopets identity (I haven't, in the 20 years I have been playing this game).
So what are you paying for? $100k/4 BTC for maybe 100,000 genuine, non-duplicated, accessible identities at best. Most of those will be people who have been alerted about this and changed/secured their info. Maybe I am stupid, but I really doubt that a neopets username, email, password, IP and birthday is enough to compromise someone's identity in a way that would meaningfully make you enough money to justify spending 4 BTC. That information (username, email, passwords used, IPs) is already available from other public/cheaper databases already, so anyone who actually does this professionally isn't going to want to waste the money on this data. I can get someone's birthday, IP used and real name from a different leak, why would I spend 100k to gamble on the idea that their neopets password might overlap with their bank account password? Lol. I guarantee you that every single genuine user who uses neopets also has a social media account or some other account that has already been breached.
What about sellers? $100k is a lot and Neopets is a dying petsite, and I personally feel like it would take a really long time to make that money back (like probably a year) and then even longer to make double. To buy this in an environment when NC UCs are going to be released and the price of UCs is going to plummet, while most decent RW/RNs are already "reserved" by active players who have claimed them, it makes absolutely zero sense. Most sellers as it currently stand don't need to invest so much capital ($100k!) in order to make a decent amount of money off of the site, so why would they?
So yeah, all that is left in terms of buyers, is a crazy person who just really wants access to this stuff. Luckily, crazy people usually don't have access to 4 BTC.
Last edited by oventoast; 07-22-2022 at 10:36 AM.
Aero (07-28-2022),basmatirice (07-25-2022),Chambers (07-22-2022),Dot (07-22-2022),Double.Trouble (07-22-2022),funnybell (07-22-2022),♥ GreyFaerie ♥ (07-23-2022),isopods (07-22-2022),kiiraa (07-22-2022),Miri (07-22-2022),Pringle (07-24-2022),RicoBandito (08-01-2022),Sakuras (07-24-2022),Shawn (07-22-2022)
I definitely agree that this seems more like a “they have to give this notice” more than a “they want to give this notice”. Since it’s such a large security breach, it kind of goes bigger than just TNT.
When credit cards or other large corporations have had data breaches, they legally have to notify all consumers as soon as they are aware of it. *cough Target I’m looking at you cough*
You have to think of it like a malicious person. If you have the IP, birthday, real name and email - you can get a pretty decent jumpstart. You could even take this list - of arguably many millennials - and pivot to something else. Send out fake emails about crypto. Get them to follow a link... try to install a RAT on their system to get private keys or compromise other info. Back in the day when hash lists were a thing, *hypothetically* many people used the same passwords for the neo sites as their emails. You could get into the email and do whatever you wanted after that. It's all a shell game to see where you can get a foothold. While I agree there are other sites that might provide more beneficial data - neo could be a good pivot point for somebody, depending on their target audience. It's a lot of effort and a lot of leaps to make in the end though.
People may be better off just waiting awhile to see if this list eventually gets leaked.
I'm honestly surprised they didn't give it sooner... since they'd already mentioned they were working with a company to investigate. It would be interesting to hear what sort of attack vectors they used and how easily they can be closed. Usually you are required to notify users of a breach, especially once it's made public like that. It's just a matter of trying to save face and reassure your customers that they will do better in the future.
What's my definition of success?
Creating something no one else can
Being brave enough to dream big
Grindin' when you're told to just quit
Giving more when you got nothin' left
Aero (07-28-2022),♥ Decepticon ♥ (07-22-2022),Erik. (07-23-2022),Sakuras (07-24-2022),Shawn (07-22-2022)
I just want to point out BTC is way, way below the price range it was a year ago. (22k vs. 40k) Given this leak seems to be at least a year old I'm guessing the seller has been sitting on it for a while and awaiting an opportunity to essentially "buy the dip", offload this site info, gain some BTC while it's extremely cheap and essentially make a profit when/if BTC raises in price again.
I did see a little blurb thing pop up where they acknowledged the breach. I should have SS it :p