ShellCodeX Breach Report
Neopets Data Breach
neopets.com
Verified breach
Passwords exposed
Accounts exposed
26,892,897
Breach date
05 May 2013
Added to tracker
07 Jul 2016
Data classes
8
What happened
In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.
Exposed data
Dates of birth
Email addresses
Genders
Geographic locations
IP addresses
Names
Passwords
Usernames
Recommended actions
- Change your Neopets password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Neopets — attackers weaponise breach data quickly.
- Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP