Data for over 69 million Neopets accounts may have been stolen in a breach last week, including account email addresses and passwords.
The digital pet game has at least 100,000 daily active users and 1.5 million monthly active players, according to CEO Jim Czulewicz back in 2020. While initially aimed at children back in 1999, the current user base of digital pet owners is mostly adults aged 18 to 34 according to the virtual pet website’s current owners at JumpStart Games.
Neopets did a tweet on July 21, 2022 that confirmed the breach, going on to suggest that users should change their passwords on the site and any other sites that might share the same account information.
“Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.” said the tweet from the official account.
Neopets community website JellyNeo was the first site to report the data breach, after receiving an anonymous tip from a reader. “Full account information, such as email address, passwords, gender, IP addresses, countries, and birthdays are available for sale on a hacker website,” said JellyNeo. “Access to the full database and a copy of Neopets.com source code is being offered for 4 Bitcoin (~$94,500 USD at time of writing). For an additional fee, the seller is offering live access to the database.”
Neopets has not yet confirmed this, although they do say that they will release more information as their ongoing investigation continues. If you’re a concerned Neopets user and would like to change your password, you can do so here.