Neopets Security Breach

[Siniri]

Security researchers test sites for breaches and notify them about how to patch any vulnerabilities. Neopets has had a breach since August.

Here is some info from the researcher (on Twitter):

To address all concerns:

If you have a Neopets account and you are an active user, change your password immediately. Unfortunately, I don't know how long threat actors have had access, but I will let all of you know when it's secured - and then change your password again

Update: Neopets is working hard on fixing this. They've already patched 4 or 5 vulnerabilities. There's still quite a bit of work to be done, but great progress is being made and they are being amicable about the situation.

Security Researchers are ethical. We do not leak the specifics of our research. We do not dump user data. We do not share PII. We will not give you anything. The only entity that will receive anything is the Enterprise.

If you use the same password on Neopets as other sites:
1) Stop doing that.
2) Change your password on all those other sites (to something different from each other and your Neopets one).

[Blue]

Thanks, Siniri. Good info.

I guess it is time to update my Neopets password. Honestly unsure of the last time I changed it.

[Pickles]

Thanks for the heads up.

I'm weird about passwords, so I know exactly when I last changed mine. However, since it was before August, I changed it again. I'm paranoid about passwords in general as it is, so it's nothing like any other password I have.

[Tanker_55]

Thanks for the heads-up! Fortunately, the password I use there is my generic "browser game" one, there's not much to steal or discover there. I'll still change it, who knows...