Skip to main content

Neopets has been hacked and data for almost 69M accounts appears to be up for sale

A Neopet looking very sorry for itself.
(Image credit: Neopets)
Audio player loading…

Neopets, a popular virtual pet-keeping browser game born of the late '90s, has been victim of a data breach. Hackers claiming to be behind the attack say they have personal account info of more than 69 million members, along with a bunch of the site's source code, and are willing to sell the data off for a fee.

The browser game has been wracked with cheaters (opens in new tab) for some time, but this just takes the biscuit. Since the site has begun associating itself with NFTs, it appears to have drawn some unwanted attention. Now, it may have gotten worse, as the company investigates a data breach where customer data may have been taken off its servers. It says usernames and passwords connected to the platform may be affected,  but email addresses, Neopets users' ages, genders, countries, birth dates, and even IP addresses are allegedly being auctioned off.

The official Neopets Twitter page has posted a warning to users, with the thread strongly recommending users change their Neopets password, and any accounts that use the same password (we advise you to never use the same password for multiple sites (opens in new tab), anyway). 

It also notes that the breach is being looked into by a "leading forensics firm," though no name has been given as to which one.

See more

The data appears to have been put up for sale on popular hacking forum, Breached.co (via Bleeping Computer (opens in new tab)), where one hacker known as TarTarX claims to have live access to the hacked database. For access to a snapshot of the database, the hacker is asking for four bitcoin (approximately $94,500). They note that they are "open to hear offers," and will accept other cryptocurrencies for the data. For an additional fee, they're offering live access to the database.

The validity of TarTarX's claims has apparently been confirmed by the hacking site's owner, pompompurin, who tried creating an account and was promptly sent their data back. What this means is the hacker may well have continued access to the data, so anyone with enough cryptocurrency to blow can allegedly watch people scramble to change their passwords and simply nab them after the fact.

If you head to Neopets' account security page (opens in new tab), it confusingly says that "contrary to what many people claim, no one has ever "hacked into our site" and accessed user information, accounts or usernames. The ONLY means by which a user can have his/her [their, actually] account stolen by someone else is when that user inadvertently or intentionally gives out their account password."

"People like to say they have been hacked, as it makes them feel a little better than admitting they have fallen for a scam, or just simply given away their password to the first person that asked them for it. However, there are a number of things you can do to help keep your account secure."

That statement might be a little out of date now.

The Neopets error message on account deletion.

(Image credit: Neopets)
Your next machine

(Image credit: Future)

Best gaming PC (opens in new tab): The top pre-built machines from the pros
Best gaming laptop (opens in new tab): Perfect notebooks for mobile gaming

After hearing the news, I tried to delete my account through this link (opens in new tab), but my initial attempt was met with the message above. I suspect it's something to do with the volume of people likely deleting their accounts right now.

A second attempt then finally allowed me to delete my account, and I'm sorry to be leaving but, and I suspect plenty of people (particularly parents of younger users) will be following suit.

Katie Wickens
Hardware Writer

Screw sports, Katie would rather watch Intel, AMD and Nvidia go at it. Having been obsessed with computers and graphics for three long decades, she took Game Art and Design up to Masters level at uni, and has been demystifying tech and science—rather sarcastically—for two years since. She can be found admiring AI advancements, scrambling for scintillating Raspberry Pi projects, preaching cybersecurity awareness, sighing over semiconductors, and gawping at the latest GPU upgrades. She's been heading the PCG Steam Deck content hike, while waiting patiently for her chance to upload her consciousness into the cloud.