Jump to content

Important Security Update: Neopets Is Currently Being Hacked


hrtbrk
 Share

Recommended Posts

I wish to bring attention to some concerning news. Earlier today Jellyneo posted that Neopets is under a live hack, which has information to over 60 million accounts. 

We understand the hack has access to your email, passwords, birth date, name, country, PIN number and possibly more. As this is a live attack, meaning the hacker can access new information even if you update it right now, we recommending updating your account information at your own risk. If your Neopets account shares the same email and password on another website(s), update it on that website immediately

TNT has commented that they are aware of the breach and are actively working on it.

We will keep you updated as we find out more information. 

eyrie_yellow_baby.gif

Link to comment
Share on other sites

from what i understood it's a NFT guy and he's selling the info as a live leak for about $95,000 .. they are after your other information like bank accounts / credit cards etc

i lost my sides a while ago due to the previous security breech and got them back (with some heavy losses) and from that day on i changed my passwords on everything and my email passwords are all different from my neo passwords .. not to mention i dont have a bank account or a c.c. in real life either 

i hope they are able to fix this asap but what really grinds my gears is that they addressed it on Discord and not Neopets boards ...

Link to comment
Share on other sites

Angelo, what is a NFT guy? Also, is it safe to play games right now?  hrtbrk     I was wondering if you could answer this question for me.  If any of my hubby's accounts are using the password I have on Neo would I need to change his passwords as well? His user name is different. I don't want to change his unless it would be absolutely necessary. He already has a bad memory and this would make it worse for him.  Thanks for any advice on this. What if I am using a different user name with that password. Would I need to change the password on those accounts as well?

Link to comment
Share on other sites

so the NFT drama continues to drag the site into the gutter. :sad01_anim: well, luckily all my passwords are unique. still, i better find some solution to that glitch that wasn't letting me log in a while back so i can change them once this is over.

Edit: I know they're probably after credit cards, but does anyone know if there's any danger if I used my paypal account to purchase something through the site? My guess is no, since the password stuff is handled by PP and not Neo, but...?

 

4 hours ago, Granny63020 said:

Angelo, what is a NFT guy? Also, is it safe to play games right now?  hrtbrk     I was wondering if you could answer this question for me.  If any of my hubby's accounts are using the password I have on Neo would I need to change his passwords as well? His user name is different. I don't want to change his unless it would be absolutely necessary. He already has a bad memory and this would make it worse for him.  Thanks for any advice on this. What if I am using a different user name with that password. Would I need to change the password on those accounts as well?

If any of your accounts on other sites (such as TDN, email, etc) use the same password as your neopets accounts, change them (TDN/email/etc) now.

As soon as TNT has managed to fix their security problems, you should also change all your neopets passwords.

If your husband has trouble remembering his passwords, i recommend writing them down IRL, and then using a password saver to save them for day-to-day use. All he would have to do is type in his username, and the browser will auto-fill his password. Most browsers come with a password saver built-in.

Regardless, I would recommend that you use a different password for each account.

Link to comment
Share on other sites

@Granny63020 NFT is a crypto currency just like Bitcoin that Neopets have been dabbing into with a side project called Neopets Metaverse , hiring some shady characters in the process. Most people who work on that project are  demeaning, rude and downright racist , one of them last week called Neopets players “worse than Covid” 

And since most NFT traders are douche*bags though , one or more of them managed to hack the Neopets servers/user databases ...

Link to comment
Share on other sites

I changed my pw like they said last night on their fb page. Wasn't going to but then decided I better. Started with my main account created 14 years ago. It changed it, I went to log in but it said it was incorrect. Tried old ones... same. Tried having pw change sent via email and it said my username didn't exist. I searched from another account and it's still there but even though I finally got it to email to change it... I changed it again and same thing. I saw someone else mention they changed theirs 4 yrs ago and they got locked out. I sent a ticket but they said they did also. Did I just lose my 14 yo account doing what they said to do?!?! 😞 😢

Link to comment
Share on other sites

5 hours ago, Neo111Neo said:

I changed my pw like they said last night on their fb page. Wasn't going to but then decided I better. Started with my main account created 14 years ago. It changed it, I went to log in but it said it was incorrect. Tried old ones... same. Tried having pw change sent via email and it said my username didn't exist. I searched from another account and it's still there but even though I finally got it to email to change it... I changed it again and same thing. I saw someone else mention they changed theirs 4 yrs ago and they got locked out. I sent a ticket but they said they did also. Did I just lose my 14 yo account doing what they said to do?!?! 😞 😢

you need to type it in manually ... sometimes copy/paste doesn't work especially with long passwords

also check that there's no space at the beginning of the box where you enter your password

this happened to me more than once

Link to comment
Share on other sites

2 minutes ago, Neo111Neo said:

Thank you both. I heard back from them about the ticket. I was using characters that trigger it to lock, wasn't aware some would do that. I was able to get back in :). 

Very happy to hear you got it back and that they responded with a solution so quickly. 

Link to comment
Share on other sites

What are those triggers so we can avoid them ?

last night i freaked out not being able to update my info

turned out i was still typing my old password 🤪

Link to comment
Share on other sites

6 minutes ago, Neo111Neo said:

Lol. It happens. This is what they told me "please do not use &, # or @ since those can cause the account to lock".

I'm a little surprised by "&", but the "hashtag" and "at" symbols make sense since they are used for other things like e-mails and well, hashtagging things. lol

Link to comment
Share on other sites

11 hours ago, Aquamentis12 said:

I'm a little surprised by "&", but the "hashtag" and "at" symbols make sense since they are used for other things like e-mails and well, hashtagging things. lol

I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.)

Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good.

Also, I just came across this comment on the JellyNeo post:

image.png

So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page.

Link to comment
Share on other sites

huh, now that's funny, I used the at symbol in my temporary password and it lets me in ok, one of my roommates did as well, so I will let her know to check it when she gets up.

I'll remember that for next time about the forgot my password, as none of my roommates and I want to get locked out of our accounts. 

Link to comment
Share on other sites

2 hours ago, Nielo said:

I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.)

Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good.

Also, I just came across this comment on the JellyNeo post:

image.png

So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page.

oh, hey! i changed all my passwords on my accounts yesterday and wound up locked out of one of them. the 'i forgot my password' thing worked perfectly, thanks.

Link to comment
Share on other sites

7 hours ago, Nielo said:

I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.)

Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good.

Also, I just came across this comment on the JellyNeo post:

image.png

So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page.

I was only saying that if any characters were to be excluded, I could see a possible reason for @ and #. But it's a stretch. Considering regular words you CAN'T use on Neopets because they have other less desirable words in them (grapes, anyone?), it doesn't really surprise me much that this insanity has bled into the password system.

Whoops! I changed my password with the old system. lol Logged out and back in to check, and it works fine for me. 🙂

Link to comment
Share on other sites

I wonder if the password symbol locky stuff is new? I'm pretty sure my old passwords had them in them too. But good to know about the ad blocker thing as well and using the other way. I changed mine on the account page thingy AND had the forbidden symbols AND had an ad blocker. So I guess I was asking to get locked out LOL. I changed my other ones with ad blocker and on the account page though before seeing this and didn't have a problem. So I guess maybe it's also random? Like it CAN lock it but doesn't always? Still weird though.

Link to comment
Share on other sites

  • 4 weeks later...
  • Duma locked this topic
Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...