It would appear that the internet’s first NFT machine, Neopets, has been hacked with millions of passwords getting compromised.
News of this hack was first broke on the forum Jellyneo (via Polygon) which has been documenting the hack since a few days ago, noting up to 69 million account passwords have been hijacked.
The hacker is offering to sell the database for Neopets for 4 bitcoins which, according to JellyNeo, was worth roughly $94,500 USD at the time. Perhaps the more worrying part is that the hacker is also willing to offer live database access for “additional fees”.
This mean that even if users are able to change their passwords, the hacker would still have access to your new password. Luckily, this vulnerability appears to have been patched by the developer, The Neopets Team (TNT).
Neopets eventually put out a three-part statement on Twitter acknowledging hack, as well as stating that they have contacted law enforcement while enhancing their data protection. They go on to suggest that users change their passwords and change the passwords for any other sites that may share the same password.
Many users are worried that their financial information was also compromised in this hack. While Neopets is a free-to-play service, users were able to subscribe to a monthly payment system to remove ads, access the forums, and use some premium features.
There was also in-game currency available for purchase that could be used on various items in the “NC Mall”. Polygon reached out the TNT to ask whether or not this hack would have leaked the financial information of its users, but TNT has yet to respond.
As of right now, the investigation into the Neopets hack is still ongoing, and we will update this article as more information becomes available.