The virtual pet website, Neopets, shared new details about the data incident that affected almost 70 million users.
Neopets, established in 1999 and purchased by Viacom era Nickelodeon owner in 2005, is a virtual application where users can own virtual pets and buy digital items.
Neopets learned about a third party's unauthorized access to its IT systems on July 20. After an investigation, Neopets determined that the event resulted in unauthorized access to, and in some cases, download of, player personal information.
Affected information may include name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, data about a player's pet, gameplay, and other information provided to Neopets.
"For players that played prior to 2015, the information also could have included non-hashed, but inactive, passwords. This information appears to have been accessed and potentially downloaded between January 3-February 5, 2021, or July 16-19, 2022," Neopets said.
Both past and present players might have been affected. As reported before, the breach might have affected 69 million users.
Neopets noted that it doesn't store users' government-issued identification numbers, bank account information, or payment card information.
After the incident, Neopets reset players' passwords and now works on implementing a multi-factor authentication solution.
"If you used your Neopets password on other websites, we recommend that you change your passwords for those accounts as well," it said.
Neopets is not aware of any misuse of user information at this point but recommends remaining vigilant against threats of identity theft or fraud, as well as phishing emails.
More from Cybernews:
Subscribe to our newsletter