Neopets has started updating players about a data incident involving possible account information earlier this summer and urged fans to change their account passwords.
“Neopets recently became aware that customer data may have been stolen,” an official blog post shared on Aug. 29 reads. “It appears that email addresses and passwords used to access Neopets accounts may have been affected.”
The gaming company is currently investigating the situation in its entirety.
What happened to Neopets?
On July 20, 2022, Neopets was alerted that someone was attempting to get unauthorized access to the site’s IT systems. In response, Neopets took “immediate steps” to shut down further access and nothing further has happened since.
Neopets also launched an investigation, including a forensics firm and law enforcement. This resulted in Neopets determining some player information had been accessed.
“Information may include the data provided when registering for or playing Neopets, including name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player’s pet, game play, and other information provided to Neopets,” a press release written by CEO Jim Czulewicz explained.
“For players that played prior to 2015, the information also could have included non-hashed, but inactive, passwords. This information appears to have been accessed and potentially downloaded between January 3-February 5, 2021, or July 16-19, 2022.”
In response to the breach, Neopets has reset players’ passwords and the site is currently working on implementing multi-factor authentication. Networking monitoring, authentication, and system protections are also being strengthened.
Neopets noted there’s been no “misuse” of information thus far, but has urged Neopets users to review their account and credit history.
“As our investigation continues, we will update you as appropriate. We truly appreciate your patience and understanding at this time,” Neopets staff wrote in the blog.