The popular virtual pet website Neopets says it has launched an investigation after a hacker breached its databases, with one website claiming the personal data of up to 69 million users may have been stolen.
“Neopets recently became aware that customer data may have been stolen … it appears that email addresses and passwords used to access Neopets accounts may have been affected,” the website said in a statement issued on its official Twitter account on Thursday.
The site said it had launched an investigation assisted by a leading forensics firm, contacted law enforcement, and was improving its security.
Neopets has been contacted for comment about the scope of the security breach.
The technology news site BleepingComputer, made the claim about 69 million users being affected, and reported that a hacker had provided a screenshot purporting to show the data stolen includes names, dates of birth, email addresses, postcodes, gender, country and other site- and game-related information. The hacker offered the data for sale on Tuesday, asking for four bitcoins, equivalent to $90,500 (£75,500), it reported.
BleepingComputer reported the hacker stole the database and approximately 460MB (compressed) of source code for the neopets.com website but did not reveal how they gained access.
The hacker reportedly told the publication that they did not ransom the data to Jumpstart, the owners of Neopets, but have received interest from potential buyers.
Neopets has since urged users to change their passwords and promised to provide update as the investigation continues.
<p lang=«en» dir=«ltr» xml:lang=«en»>As of today, there have been no further updates by @Neopets regarding the breach and whether it has been patched yet or not. If you're just Read more on theguardian.com