Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 28 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Neopets Confirm Data Breach

The virtual pet website confirms on Twitter that data has been stolen.

by Guru Writer
July 25, 2022
in Cyber Bites, Uncategorized
Gloved fingers type on keyboard
Share on FacebookShare on Twitter

As reported last week, over 69 million users of the site Neopets, a popular virtual pet website, may have had their data compromised in the first known US mega breach of the year.

The company took to Twitter to confirm the news. Neopets is owned by Viacom.

The Tweet said: “Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.

“It appears that email addresses and passwords used to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords.”

Moderators on the Neopets Discord channel warned that hackers still had access to the systems, so changing passwords would not work to safeguard information.

They said: “We should note that the effectiveness of changing your Neopets password is currently debatable. As long as hackers have live access to the database, they can simply check what your new password is. We cannot therefore strictly advise you on the best course of action given the circumstances.”

They further claimed that more than email addresses and passwords had been taken in the breach.

“A reported 69+ million accounts have been compromised, with the breadth of exposed personal information including passwords, birth dates, genders, names, countries and IP addresses,” they said.

“The leaked information and live database access and full source code are being offered for sale on a third-party website.”

Plenty of commentators have been lining up to add their observations on the attack, but all are just speculation at the moment, as there’s no clear indication of how the threat actor compromised the site.

Comparitech’s head of data research, Rebecca Moody, confirmed that the figures are correct and that this is the first US data breach this year so far with over 10 million users’ data breached.

Moody added, “what’s perhaps more concerning is the potential age range of the users affected with the website being popular among children and teens as well as adults.”

Mike Varley, thread consultant at Adarma, said incident responders at Neopets now have to balance speed with effective remediation.

He argued, “incident responders should be seeking to validate claims from the threat actor that they have ‘live’ access to the database. From there, responders will work backwards to identify both the point of initial access and any persistence mechanisms the actor may have installed.”

“Once identified, a remediation plan can be created that’ll involve multiple actions occurring simultaneously or in rapid succession – designed to remove the adversary from the network, deny their access back into the environment and monitor for any further resurgence in adversary activity.”

FacebookTweetLinkedIn
ShareTweet
Previous Post

Three Charged in First Crypto Insider-Trading Case

Next Post

Ukrainian Radio Stations Hacked to Spread Rumours About President’s Health

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information