"Neopets Hackers Had Network Access for 18 Months"

Neopets, a game that lets players create and care for virtual pets inside a fantasy world, has released an "Important Announcement" urging its members to update their passwords and confirming that the company's IT systems were compromised.  The admission comes just weeks after a cyberattacker was reportedly shopping a stolen Neopets database with 69 million member records and the Neopets source code for four bitcoin (which is currently worth less than $80,000 and falling).  Neopets confirmed that it learned about the attack on the same day the data was put up for sale, July 20.  Compromised Neopets member information includes names, email addresses, usernames, dates of birth, gender, IP addresses, Neopets PINs, and hashed passwords, as well as data generated during gameplay.  The company stated that as part of their ongoing commitment to the safety and privacy of the Neopets' player information in their care, they have reset players' passwords and are working on adding multifactor authentication to better safeguard users' account access.  The company also noted that they have enhanced their systems' protection by further strengthening their network monitoring, authentication, and system protection.

Dark Reading reports: "Neopets Hackers Had Network Access for 18 Months"