More than 69 million members of the virtual pet website Neopets had their personal information compromised following a data breach
, reports BleepingComputer
Threat actor TarTarX exfiltrated the Neopets website's database with account information belonging to over 69 million members, including their names, email addresses, usernames, ZIP codes, birthdates, gender, countries of origin, initial registration emails, and other game-related data, as well as nearly 460MB of source code, both of which are being sold for four bitcoins, or nearly $94,000. TarTarX's claims have been verified by pompompurin, who owns the Breached.co hacking forum.
"Vouch, I registered an account on the website and he sent the full entry," said pompompurin in a Breached.co forum post.
Meanwhile, Neopets has also confirmed the intrusion and volunteer Discord moderators have been cautioning members against immediate password replacement on the platform.
"We should note that the effectiveness of changing your Neopets password is currently debatable as long as hackers have live access to the database, as they can simply check what your new password is. We cannot therefore strictly advise you on the best course of action given the circumstances," said an announcement on the Discord server of Neopets.