The online pet website, Neopets, has confirmed it fell victim to a data breach, exposing the personal information of approximately 69 million users. The website’s source code was also stolen in the attack. Recently, Neopets launched NFTs, which are part of a plan to create an online Metaverse game, in which users can own, raise and play games with their virtual pets.
According to reports, the breach occurred on Tuesday and has since been attributed to a hacker known as ‘TarTaxX’, who began selling the source code and database on the dark web, charing approximately $94,000 in Bitcoin. The hacker has not revealed how they obtained access, however, they have confirmed that the data was not ransomed.
Tim Marley, VP Audit, Risk & Compliance at Cerberus Sentinel told the IT Security Guru that: “The failure to keep our stakeholder’s sensitive data confidential is coming with greater consequences for organizations in the United States. Five states currently have privacy laws and another six have legislation at some stage of review. At the end of the day, we shouldn’t need legislation to force us to examine the sensitive data in our possession and verify that we protect it at every stage of the data lifecycle. We are the custodians of this data and owe it to our customers, clients, partners, and residents to verify that we always manage this information securely. If we fail to do so, we stand to lose their trust and may incur significant financial and operational penalties as a result.”
Neopets members are strongly urged to change their passwords on any site with a similar or the same password as the one they used on the virtual game. Unfortunately, however, changing passwords on the Neopets site is not guaranteed to secure the account ..
Support the originator by clicking the read the rest link below.
