Neopets, the popular website where users own and care for virtual pets, has fallen victim to a data breach. It has exposed the personal information of 69 million users around the globe.
News of the data breach first arose on Tuesday when a threat actor under the alias “TarTarX” posted an ad for anyone interested in purchasing the Neopets database on a dark web marketplace.
TarTarX offered the entire database and source code for 4 BTC, or $94,000. He claimed that the stolen data included sensitive personal information like date of birth, country of residence, IPs, gender, names, and emails of approximately 69 million users.
Neopets also confirmed the breach in a tweet on Thursday.
“Neopets recently became aware that customer data may have been stolen,” read the website’s tweet. “We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.”
Neopets advised users to immediately change their account passwords, along with any other platforms that have the same login credentials.
“It appears that email addresses and passwords used to access Neopets accounts may have been affected,” Neopets added. “We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords.”