Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 7 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Personal data of 69 million Neopets users exposed

Source code and personal data being sold for 4 Bitcoin on dark web

by The Gurus
July 21, 2022
in Data Protection, News
Personal data of 69 million Neopets users exposed
Share on FacebookShare on Twitter

The online pet website, Neopets, has confirmed it fell victim to a data breach, exposing the personal information of approximately 69 million users. The website’s source code was also stolen in the attack. Recently, Neopets launched NFTs, which are part of a plan to create an online Metaverse game, in which users can own, raise and play games with their virtual pets.

According to reports, the breach occurred on Tuesday and has since been attributed to a hacker known as ‘TarTaxX’, who began selling the source code and database on the dark web, charing approximately $94,000 in Bitcoin. The hacker has not revealed how they obtained access, however, they have confirmed that the data was not ransomed.

Tim Marley, VP Audit, Risk & Compliance at Cerberus Sentinel told the IT Security Guru that: “The failure to keep our stakeholder’s sensitive data confidential is coming with greater consequences for organizations in the United States.  Five states currently have privacy laws and another six have legislation at some stage of review.  At the end of the day, we shouldn’t need legislation to force us to examine the sensitive data in our possession and verify that we protect it at every stage of the data lifecycle.  We are the custodians of this data and owe it to our customers, clients, partners, and residents to verify that we always manage this information securely.  If we fail to do so, we stand to lose their trust and may incur significant financial and operational penalties as a result.”

Neopets members are strongly urged to change their passwords on any site with a similar or the same password as the one they used on the virtual game. Unfortunately, however, changing passwords on the Neopets site is not guaranteed to secure the account if hackers still have access to the servers, which in this instance holds true.

Marley continues: “I’m particularly concerned over the potential exposure of sensitive data for children under the age of 13.  While this site may not specifically cater to that age group, I believe it’s likely we’ll see a much greater consumption of these services by children.  If so, then we may see the FTC investigating under the Children’s Online Privacy Protection Rule (COPPA).”

Also commenting on the incident is Mike Varley, threat consultant at Adarma: “Responding to incidents such as these needs a finely tuned balance of speed along with remedial actions. Incident responders should be seeking to validate claims from the threat actor that they have “live” access to the database, that was reportedly confirmed by another user of the initial forum where the leak was posted. From there, responders will work backwards to identify both the point of initial access and any persistence mechanisms the actor may have installed.  Once identified, a remediation plan can be created that’ll involve multiple actions occurring simultaneously (or in rapid succession) designed to remove the adversary from the network, deny their access back into the environment, and monitor for any further resurgence in adversary activity.

He concluded that “lessons learned after the threat has been eradicated should be viewed by organisations as a way to improve, to build back better and a stark reminder to take the security of their environment, and their customers, very seriously by stopping history from repeating itself.”

According to a reddit user this is not the first data breach affecting the virtual pet world. As such, there is a Twitter account set up, which members can refer to for official updates from staff, and how to proceed if their data has been affected.

ShareTweet
Previous Post

Salt Security Platform Enhancements Make it Easier to Operationalise API Security

Next Post

China Fines Didi Global $1.19billion for Data Security Infringements

Recent News

Registration Now Open for International Cyber Expo 2026

Registration Now Open for International Cyber Expo 2026

July 7, 2026
Forescout

Forescout recognised by NATO for cybersecurity capabilities across IT and OT environments

July 7, 2026
Huntress Signs Giacom to Widen UK MSP Access to Managed Detection and Response

Huntress Signs Giacom to Widen UK MSP Access to Managed Detection and Response

July 7, 2026
pentesting

Pentesting is dead. Long live pentesting.

July 3, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol