ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Neopets Data Breach

neopets.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 26,892,897
Breach date 05 May 2013
Added to tracker 07 Jul 2016
Data classes 8

What happened

In May 2016, a set of breached data originating from the virtual pet website "Neopets" was found being traded online. Allegedly hacked "several years earlier", the data contains sensitive personal information including birthdates, genders and names as well as almost 27 million unique email addresses. Passwords were stored in plain text and IP addresses were also present in the breach.

Exposed data

Dates of birth Email addresses Genders Geographic locations IP addresses Names Passwords Usernames

Recommended actions

  • Change your Neopets password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Neopets — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP