Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Neopets Hacking Scandal: Approximately 69 Million User Accounts Were Leaked

July 26, 2022

Kurt Perry, of PCInvasion, recently posted an article about Neopets, a virtual pet website where users can own and buy virtual pets. Apparently, they got hacked and had a data breach.

The leak exposed about 69 million accounts, which contained personal data such as email addresses, passwords, and potentially birth dates, genders, nationalities, and IP addresses. For now, Neopets has reported that no credit card information was involved in the data leak.

The hackers that stole the data are allegedly trying to sell the personal information on a website that covers technology news, called BleepingComputer. The hackers listed the price of the leaked data for four Bitcoin, or around $95,000.

Surprisingly, this is not the first or second time that the Neopets website has been hacked. This is the third hacking incident that Neopets has had to deal with in the last six years. In 2016, around 70 million of their user accounts were hacked and in 2020, their codebase (code that makes up a website) was being sold on many parts of the internet.

After the latest data breach, Neopets tweeted to let their users know that customer data may have been stolen. Then, they launched an investigation and were assisted by a leading forensics firm. They also notified law enforcement to be able to better protect their systems and user data.

You would think that after Neopets’ first hacking incident, they would have implemented much stronger cybersecurity protections. Hopefully, they have learned their lesson after the third incident and are implementing much stronger protection, data breach response plans, security assessments, and precautionary measures.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology