Popular virtual pet website Neopets says it has launched an investigation after a hacker breached its databases, with one site claiming the personal information of up to 69 million users may have been stolen.
“Neopets recently became aware that customer data may have been stolen…it appears that email addresses and passwords used to access Neopets accounts could have been affected,” the website said in a expression posted on his official Twitter account on Thursday.
The site said it launched an investigation with the support of a leading forensics firm, which is contacting law enforcement and improving its security.
Neopets was contacted for comment on the scope of the security breach.
Technology news site BleepingComputer claimed about 69 million users were affected and reported that a hacker had provided a screenshot pretending to show the stolen data, including names, dates of birth, email addresses, zip codes, gender, country and other sites. and game-related information. The hacker put the data up for sale Tuesday and asked for four bitcoins, equivalent to $90,500 (£75,500), he reported.
BleepingComputer reported that the hacker stole the database and approximately 460MB (compressed) of source code for the neopets.com website, but did not disclose how they gained access.
The hacker reportedly told the publication that he did not share the data with Jumpstart, the owners of Neopets, but has received interest from potential buyers.
Neopets has since urged users to change their passwords and promised to provide updates as the investigation progresses.
The Neopets website, launched in 1999, offers a virtual world that allows users to take care of pets, play games to earn a currency called Neocash, buy clothes, build and decorate homes, and join forums to chat. The site is also trying to turn their virtual pet characters into a series of NFTs.