A hack had recently transpired against a popular virtual pets browser game called Neopets, wherein about 69 million users’ personal information had been compromised.
Previously, the same gaming platform had also undergone a data breach attack last 2013 when researchers identified hackers selling over 26 million stolen accounts from Neopets users on the dark web. In 2016, its entire database had also been publicly exposed.
An advertisement for the stolen Neopets database was posted in a dark web forum, published by a hacker under the username ‘TarTarX.’
The researchers noted that the advertised Neopets database was posted and sold on the alternative site of the dark web forum ‘RaidForums,’ which authorities seized last April. The same alternative leak site was also where the recently reported leak of the Shanghai Police database was posted by its hackers.
From the threat actor’s post, they claimed to be selling the virtual pets game’s stolen information for 4 BTC or around $94,000 and also said to hold the platform’s compressed website source code in 460MB.
Suppose the hackers’ claims to obtain the platform’s website database’s live version are true. In that case, the security researchers fear that they could also easily access the accounts of all Neopets users worldwide.
The information compromised from the virtual pets game’s users includes full names, gender, addresses, zip codes, nationalities, birthdates, IP addresses, email addresses, and hashed passwords.
Via their social media platforms, the Neopets team had shared and confirmed that the platform was suffering from a data breach attack. They also informed their users that a cybersecurity forensic team had already been contacted to help them to mitigate and investigate the issue.
Since the scope of the data breach was wide, all of the online gaming platform’s users are recommended to update their passwords to avoid further damage caused by the cyberattack. Authorities have also been notified about the incident.
Users of numerous online platforms have always been reminded to keep themselves safe against the threats of cyberattacks. These reminders include applying strong passwords to their accounts, avoiding entertaining suspicious messages and calls from unknown entities, and refraining from clicking on links sent through suspicious emails.