Did you ever have a Neopets account? It might be time to change the password of any services that shared similar login details. The long-in-the-tooth flash gaming site with a digital pet tie-in has suffered a serious breach, with login details, including passwords, of over 69 million members stolen. The hacker has put the information up for sale, with a price tag of four Bitcoin, or around $100,000 worth of the cryptocurrency.
Neopets was a popular online gaming service in the mid-2000s that gave users their own digital pet which they could explore with, level up, battle, and look after them with food and toys. But the core of the Neopets experience was flash games. It had a host of clones and more unique flash games which earned players Neopoints which could then be spent on items for their Neopet. It was an addictive loop at the time and made the service incredibly popular with millions of active users.
Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. (1/3)
— neopets (@Neopets) July 21, 2022
As Flash has died a death, however, Neopets has fallen off, and has been sold several times over the years as its playerbase dwindled. All the accounts are still there, though, which is why this massive breach is a potential minefield. Especially when you factor in that the site now uses credit card details for real cash purchases. It's not clear yet whether any such financial details have been leaked.
Unfortunately, since this is a live breach which the Neopets Team have not been able to close yet, changing your password won't help. Just keep an eye on the situation and if you share username and password with Neopets on any other services, change them there.