« January »
January
Jan 3 - Aisha Day
Jan 6 - Gnorbu Day
Jan 11 - Buzz Day
Jan 14 - Sloth Day
Jan 16 - Elephante Day
Jan 29 - Kacheek Day


It's Jordle... with Jordie! Can you guess today's word?
Discover the characters of Neopia in our Book of Ages!
Try on all the latest Neopian fashions!
Help us model your pets!
Your jnAccount! Your jnAccount: Log In or Register | New to Jellyneo? Click here!

Welcome to Jellyneo.net!

Welcome to Jellyneo, the #1 ad-free Neopets help site! We offer news and tips for the popular online game Neopets. Here's what you can find on the site:

You can also register a jnAccount; it's free and lets you access special features! (Find out more!)

Pick your news: Neopets News Jellyneo's Twitter | Crossword | JN Updates | Daily Puzzle

Dave
Neopets Being Actively Hacked, Passwords + Emails Accessible
  • Posted by Dave
  • Posted on July 20, 2022, 11:34 am NST

UPDATE, July 25th, 3:30 PM NST: There have been no further updates regarding the breach by TNT, nor any firm confirmations that the vulnerability has been patched.



UPDATE, July 21st, 11:30 PM NST: As of approximately 10:50 PM NST tonight, upon visiting any Neopets.com page you will first be greeted with the following Important Announcement, which is the same text we have seen as the first official announcement yesterday (and also repeated in today's New Features.)


Just click to "Continue To Site" as we've yet to receive confirmation that the vulnerability has been patched.



UPDATE, July 21st, 7:30 PM NST: There have been no further updates regarding the breach today by TNT, nor any firm confirmations that the vulnerability has been patched.



UPDATE, July 20th, 7:43 PM NST: TNT has posted a statement to Twitter and to the Neoboards about the breach. Their statement doesn't seem to confirm that the vulnerability has been patched. They have also not confirmed the safety of Premium/Neocash payment methods (we've been asked this a lot by Neopians and specifically escalated this issue with TNT—we don't believe payment methods were breached, but we're only fansite volunteers, not TNT and would like them to confirm).

The tweet and Neoboard message:

Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data. (1/3)

It appears that email addresses and passwords used to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords. (2/3)

As our investigation continues, we will update you as appropriate. We truly appreciate your patience and understanding at this time. Thank you. (3/3)

As per TNT's suggestions, we recommend you update your password (via "My Profile"). However, since TNT has not confirmed that the vulnerability has been patched, be prepared to change it again once we get the all clear.


If you share your Neopets password with any other website, you should change that immediately.



UPDATE, July 20th, 12:48 PM NST: TNT member Willow has issued a statement regarding the active breach:

Hi everyone— we’re aware of the data breach and are actively working on it. Will provide more information ASAP.

We'll keep you updated as TNT posts more. Until then, please read below on how you should be making sure your other web accounts are secure and do not share login information with your Neopets account(s). Since this is an active, unpatched breach, changing your Neopets password or PIN is not advisable at the moment.




We have some serious news today. Thanks to an anonymous tipster, we've been made aware that the database and source code for Neopets.com has been breached, and over 69,000,000 user accounts have been exposed.

Full account information, such as email address, passwords, gender, IP addresses, countries, and birthdays are available for sale on a hacker website.

Access to the full database and a copy of Neopets.com source code is being offered for 4 Bitcoin (~$94,500 USD at time of writing). For an additional fee, the seller is offering live access to the database.

You may have read or heard of some reddit posts being made over the past few months by a user who claims to have had live access to the Neopets database and source code since late last year. (Posting about things such as users who gamed the Mystery Pic contest with the Scary Tree Stamp as a prize, or users who have been shadowbanned from the Altador Cup.) TNT has failed to address this security leak, and now we're finding someone else selling access on the black market.

What Can I Do to Protect My Account?
Due to the nature of live access being available, we do not recommend changing your account password or PIN at this time. (The hacker and/or buyer could just get a new copy of whatever you changed your password to with their live access.) We will post an update when it's safe to update your account credentials.

This isn't the first time the Neopets.com site has been breached, and is likely not the last. We cannot emphasize enough that you should be using unique passwords across every website. If you share your Neopets.com password with any other websites, those accounts are highly at risk. Paying $95k to hack Neopets accounts seems pricey, but the value in a purchase like this will be the ability to test your Neopets.com password on many other sites in brute force attacks.

If you share your Neopets.com password with any other website, update the password on those other sites immediately. You should also consider upgrading your digital lifestyle to include a password manager, such as 1Password, which stores unique hard-to-guess passwords for you and will greatly reduce your risk going forward.
Follow @jellyneo on Twitter for all the latest #Neopets news!
Jellyneo on Twitter
Get JN updates via Twitter!
Jellyneo on YouTube
Find our latest gaming videos on YouTube!
Old Neopets News
Looking for older Neopets news?