As reported last week, over 69 million users of the site Neopets, a popular virtual pet website, may have had their data compromised in the first known US mega breach of the year.
The company took to Twitter to confirm the news. Neopets is owned by Viacom.
The Tweet said: “Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.
“It appears that email addresses and passwords used to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords.”
Moderators on the Neopets Discord channel warned that hackers still had access to the systems, so changing passwords would not work to safeguard information.
They said: “We should note that the effectiveness of changing your Neopets password is currently debatable. As long as hackers have live access to the database, they can simply check what your new password is. We cannot therefore strictly advise you on the best course of action given the circumstances.”
They further claimed that more than email addresses and passwords had been taken in the breach.
“A reported 69+ million accounts have been compromised, with the breadth of exposed personal information including passwords, birth dates, genders, names, countries and IP addresses,” they said.
“The leaked information and live database access and full source code are being offered for sale on a third-party website.”
Plenty of commentators have been lining up to add their observations on the attack, but all are just speculation at the moment, as there’s no clear indication of how the threat actor compromised the site.
Comparitech’s head of data research, Rebecca Moody, confirmed that the figures are correct and that this is the first US data breach this year so far with over 10 million users’ data breached.
Moody added, “what’s perhaps more concerning is the potential age range of the users affected with the website being popular among children and teens as well as adults.”
Mike Varley, thread consultant at Adarma, said incident responders at Neopets now have to balance speed with effective remediation.
He argued, “incident responders should be seeking to validate claims from the threat actor that they have ‘live’ access to the database. From there, responders will work backwards to identify both the point of initial access and any persistence mechanisms the actor may have installed.”
“Once identified, a remediation plan can be created that’ll involve multiple actions occurring simultaneously or in rapid succession – designed to remove the adversary from the network, deny their access back into the environment and monitor for any further resurgence in adversary activity.”