hrtbrk Posted July 20, 2022 Share Posted July 20, 2022 I wish to bring attention to some concerning news. Earlier today Jellyneo posted that Neopets is under a live hack, which has information to over 60 million accounts. We understand the hack has access to your email, passwords, birth date, name, country, PIN number and possibly more. As this is a live attack, meaning the hacker can access new information even if you update it right now, we recommending updating your account information at your own risk. If your Neopets account shares the same email and password on another website(s), update it on that website immediately. TNT has commented that they are aware of the breach and are actively working on it. We will keep you updated as we find out more information. Link to comment Share on other sites More sharing options...
GlitchtaleLover Posted July 20, 2022 Share Posted July 20, 2022 Oh no, this is not good in the slightest, thank you for the update though. Stay safe everyone, as much as you can help it! Singledwish123 1 Link to comment Share on other sites More sharing options...
Angeló Posted July 20, 2022 Share Posted July 20, 2022 from what i understood it's a NFT guy and he's selling the info as a live leak for about $95,000 .. they are after your other information like bank accounts / credit cards etc i lost my sides a while ago due to the previous security breech and got them back (with some heavy losses) and from that day on i changed my passwords on everything and my email passwords are all different from my neo passwords .. not to mention i dont have a bank account or a c.c. in real life either i hope they are able to fix this asap but what really grinds my gears is that they addressed it on Discord and not Neopets boards ... berriganify 1 Link to comment Share on other sites More sharing options...
granny63020 Posted July 21, 2022 Share Posted July 21, 2022 Angelo, what is a NFT guy? Also, is it safe to play games right now? hrtbrk I was wondering if you could answer this question for me. If any of my hubby's accounts are using the password I have on Neo would I need to change his passwords as well? His user name is different. I don't want to change his unless it would be absolutely necessary. He already has a bad memory and this would make it worse for him. Thanks for any advice on this. What if I am using a different user name with that password. Would I need to change the password on those accounts as well? Link to comment Share on other sites More sharing options...
berriganify Posted July 21, 2022 Share Posted July 21, 2022 so the NFT drama continues to drag the site into the gutter. well, luckily all my passwords are unique. still, i better find some solution to that glitch that wasn't letting me log in a while back so i can change them once this is over. Edit: I know they're probably after credit cards, but does anyone know if there's any danger if I used my paypal account to purchase something through the site? My guess is no, since the password stuff is handled by PP and not Neo, but...? 4 hours ago, Granny63020 said: Angelo, what is a NFT guy? Also, is it safe to play games right now? hrtbrk I was wondering if you could answer this question for me. If any of my hubby's accounts are using the password I have on Neo would I need to change his passwords as well? His user name is different. I don't want to change his unless it would be absolutely necessary. He already has a bad memory and this would make it worse for him. Thanks for any advice on this. What if I am using a different user name with that password. Would I need to change the password on those accounts as well? If any of your accounts on other sites (such as TDN, email, etc) use the same password as your neopets accounts, change them (TDN/email/etc) now. As soon as TNT has managed to fix their security problems, you should also change all your neopets passwords. If your husband has trouble remembering his passwords, i recommend writing them down IRL, and then using a password saver to save them for day-to-day use. All he would have to do is type in his username, and the browser will auto-fill his password. Most browsers come with a password saver built-in. Regardless, I would recommend that you use a different password for each account. Duma and Angeló 1 1 Link to comment Share on other sites More sharing options...
Angeló Posted July 21, 2022 Share Posted July 21, 2022 @Granny63020 NFT is a crypto currency just like Bitcoin that Neopets have been dabbing into with a side project called Neopets Metaverse , hiring some shady characters in the process. Most people who work on that project are demeaning, rude and downright racist , one of them last week called Neopets players “worse than Covid” And since most NFT traders are douche*bags though , one or more of them managed to hack the Neopets servers/user databases ... queen_hatshepset and granny63020 2 Link to comment Share on other sites More sharing options...
Neo111Neo Posted July 21, 2022 Share Posted July 21, 2022 I changed my pw like they said last night on their fb page. Wasn't going to but then decided I better. Started with my main account created 14 years ago. It changed it, I went to log in but it said it was incorrect. Tried old ones... same. Tried having pw change sent via email and it said my username didn't exist. I searched from another account and it's still there but even though I finally got it to email to change it... I changed it again and same thing. I saw someone else mention they changed theirs 4 yrs ago and they got locked out. I sent a ticket but they said they did also. Did I just lose my 14 yo account doing what they said to do?!?! Link to comment Share on other sites More sharing options...
bonnie_morrison Posted July 21, 2022 Share Posted July 21, 2022 I changed my password to a temporary password (as per Jellyneo) and it let me back in ok, try contacting them on twitter with your ticket number, it seems to get fixed faster that way Neo111Neo 1 Link to comment Share on other sites More sharing options...
Angeló Posted July 21, 2022 Share Posted July 21, 2022 5 hours ago, Neo111Neo said: I changed my pw like they said last night on their fb page. Wasn't going to but then decided I better. Started with my main account created 14 years ago. It changed it, I went to log in but it said it was incorrect. Tried old ones... same. Tried having pw change sent via email and it said my username didn't exist. I searched from another account and it's still there but even though I finally got it to email to change it... I changed it again and same thing. I saw someone else mention they changed theirs 4 yrs ago and they got locked out. I sent a ticket but they said they did also. Did I just lose my 14 yo account doing what they said to do?!?! you need to type it in manually ... sometimes copy/paste doesn't work especially with long passwords also check that there's no space at the beginning of the box where you enter your password this happened to me more than once Neo111Neo 1 Link to comment Share on other sites More sharing options...
Neo111Neo Posted July 22, 2022 Share Posted July 22, 2022 Thank you both. I heard back from them about the ticket. I was using characters that trigger it to lock, wasn't aware some would do that. I was able to get back in :). Angeló and hrtbrk 1 1 Link to comment Share on other sites More sharing options...
hrtbrk Posted July 22, 2022 Author Share Posted July 22, 2022 2 minutes ago, Neo111Neo said: Thank you both. I heard back from them about the ticket. I was using characters that trigger it to lock, wasn't aware some would do that. I was able to get back in :). Very happy to hear you got it back and that they responded with a solution so quickly. Neo111Neo and bonnie_morrison 2 Link to comment Share on other sites More sharing options...
Angeló Posted July 22, 2022 Share Posted July 22, 2022 What are those triggers so we can avoid them ? last night i freaked out not being able to update my info turned out i was still typing my old password Neo111Neo 1 Link to comment Share on other sites More sharing options...
Neo111Neo Posted July 22, 2022 Share Posted July 22, 2022 11 hours ago, Angeló said: What are those triggers so we can avoid them ? last night i freaked out not being able to update my info turned out i was still typing my old password Lol. It happens. This is what they told me "please do not use &, # or @ since those can cause the account to lock". bonnie_morrison and Aquamentis12 1 1 Link to comment Share on other sites More sharing options...
Aquamentis12 Posted July 23, 2022 Share Posted July 23, 2022 6 minutes ago, Neo111Neo said: Lol. It happens. This is what they told me "please do not use &, # or @ since those can cause the account to lock". I'm a little surprised by "&", but the "hashtag" and "at" symbols make sense since they are used for other things like e-mails and well, hashtagging things. lol Link to comment Share on other sites More sharing options...
Nielo Posted July 23, 2022 Share Posted July 23, 2022 11 hours ago, Aquamentis12 said: I'm a little surprised by "&", but the "hashtag" and "at" symbols make sense since they are used for other things like e-mails and well, hashtagging things. lol I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.) Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good. Also, I just came across this comment on the JellyNeo post: So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page. berriganify and hrtbrk 2 Link to comment Share on other sites More sharing options...
bonnie_morrison Posted July 23, 2022 Share Posted July 23, 2022 huh, now that's funny, I used the at symbol in my temporary password and it lets me in ok, one of my roommates did as well, so I will let her know to check it when she gets up. I'll remember that for next time about the forgot my password, as none of my roommates and I want to get locked out of our accounts. Link to comment Share on other sites More sharing options...
berriganify Posted July 23, 2022 Share Posted July 23, 2022 2 hours ago, Nielo said: I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.) Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good. Also, I just came across this comment on the JellyNeo post: So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page. oh, hey! i changed all my passwords on my accounts yesterday and wound up locked out of one of them. the 'i forgot my password' thing worked perfectly, thanks. Nielo 1 Link to comment Share on other sites More sharing options...
Aquamentis12 Posted July 23, 2022 Share Posted July 23, 2022 7 hours ago, Nielo said: I'm suprised by the @ actually; I've been using that with passwords on Neo without issue for the past couple of years. Passwords should be able to handle all of these very common symbols, so they should definitely include that in the passwords hints. (Like how it'll throw an error if you don't use at least 2 numbers.) Honestly, there's no (good) reason these characters shouldn't be allowed in passwords in the first place. Some of these symbols can have special meanings in certain scripting languages, sure, but there are ways to handle them to ensure they're treated like 'normal' characters when saved to the database. The fact that Neo apparently isn't doing that, isn't good. Also, I just came across this comment on the JellyNeo post: So for anyone still needing to reset their password: just use the 'forgot my password' feature instead of the form on the old account page. I was only saying that if any characters were to be excluded, I could see a possible reason for @ and #. But it's a stretch. Considering regular words you CAN'T use on Neopets because they have other less desirable words in them (grapes, anyone?), it doesn't really surprise me much that this insanity has bled into the password system. Whoops! I changed my password with the old system. lol Logged out and back in to check, and it works fine for me. Nielo 1 Link to comment Share on other sites More sharing options...
Neo111Neo Posted July 24, 2022 Share Posted July 24, 2022 I wonder if the password symbol locky stuff is new? I'm pretty sure my old passwords had them in them too. But good to know about the ad blocker thing as well and using the other way. I changed mine on the account page thingy AND had the forbidden symbols AND had an ad blocker. So I guess I was asking to get locked out LOL. I changed my other ones with ad blocker and on the account page though before seeing this and didn't have a problem. So I guess maybe it's also random? Like it CAN lock it but doesn't always? Still weird though. Angeló 1 Link to comment Share on other sites More sharing options...
Duma Posted July 24, 2022 Share Posted July 24, 2022 I changed mine with an adblocker and through the normal account settings page without problems. I also was able to log out and in again. Aquamentis12 and bonnie_morrison 2 Link to comment Share on other sites More sharing options...
uttarnhi Posted August 19, 2022 Share Posted August 19, 2022 i hope they are able to fix this asap but what really grinds my gears is that they addressed it on Discord and not Neopets boards ... Link to comment Share on other sites More sharing options...
Recommended Posts