Pink Poogle Toy Forum

Woohoo, Pickles! I was so excited to see that NM from you. (I'm in the middle of a solitaire game, so I haven't read it yet, but I ran over here to see what you had to say here.)

As of late yesterday / last night (Tues-Wed Aug 24th) people are reporting that there is a new captcha thing through Stackpath (the thing that makes the white pages on neo)
It is different than the regular Google captchas we are used to.
you need to put in what they show you and click to proceed on any page once you get it.

AND if that wasn't enough apparently if you get it wrong too many times, or just for refreshing on a page or whatever you can be IP banned.
people that have had this have been putting in tickets. so hopefully it is just a temporary thing until TNT gets the tickets sorted and starts reactivating people. (at least that is what I hope)

It appears to be something to do with them upping the security (a good thing they are trying to make things more secure - a bad thing that they didn't test things out on how high they have it set that it catches the regular players)

For now I would say to avoid anything where you have to refresh a lot, money tree, rubbish dump, games like solitaire/ neoquest - or at the very least take them real slow between refreshes. from reading it seems to be mostly when people are doing a lot of refreshes.

This appears to be an IP ban, if it happens you should be able to play on mobile (take it off of wifi) or somewhere else away from home.

Neopets began updating individuals today through its communication channels regarding a data incident that may have affected players’ information. Neopets previously communicated about this incident to players on July 21, 2022, and August 1, 2022. This notice provides details about the incident, our response, and available resources.

What Happened?

On July 20, 2022, Neopets was alerted to activity indicating unauthorized access by a third party to our IT systems. We took immediate steps to shut down further access to the affected systems and we have not seen any unauthorized activity since that time. We also launched an investigation assisted by a leading forensics firm and engaged with law enforcement. On August 10, 2022, Neopets determined that the event resulted in unauthorized access to, and in some cases, download of, player personal information.

What Information Was Involved?

After our investigation, we have determined that for past and present Neopets players, affected information may include the data provided when registering for or playing Neopets, including name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player’s pet, game play, and other information provided to Neopets. For players that played prior to 2015, the information also could have included non-hashed, but inactive, passwords. This information appears to have been accessed and potentially downloaded between January 3-February 5, 2021, or July 16-19, 2022.

We do not store your Social Security number, state identification number, bank account information, or payment card information.

What We Are Doing

Neopets is committed to safeguarding our players’ personal information. As part of our ongoing commitment to the safety and privacy of the Neopets’ player information in our care, we have reset players’ passwords and are working on adding multi-factor authentication to better safeguard your account access. We have also enhanced the protection of our systems, including by further strengthening our network monitoring, authentication, and system protection.

What You Can Do

If you used your Neopets password on other websites, we recommend that you change your passwords for those accounts as well. In general, it is a good idea to use different passwords across different applications and choose strong passwords.

In addition to changing your passwords, we recommend you do the following:

While we are not aware of any misuse of your information, it is always a good practice to remain vigilant against threats of identity theft or fraud, and to regularly review and monitor your account statements and credit history for any signs of unauthorized transactions or activity. If you ever suspect that you are the victim of identity theft or fraud, you can contact your local police. Additional information about how to protect your identity is below.

Additionally, it is always a good idea to be alert for “phishing” emails by someone who acts like they know you or are a company that you may do business with and requests sensitive information over email, such as passwords, government identification numbers, or bank account information.

Additional information about how to protect your identity is contained below.

For more information:

If you have questions regarding this notice, we invite you to reach out to us through our normal support channels or by calling 1-310-533-3400, or toll-free at 1-800-413-0526, with any questions or concerns you might have regarding this incident or the security of your account.

Sincerely,
Jim Czulewicz
President & CEO
Neopets



Information for U.S. Customers

MORE INFORMATION ABOUT IDENTITY PROTECTION

INFORMATION ON OBTAINING A FREE CREDIT REPORT

U.S. customers are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit reports, visit www.annualcreditreport.com or call tollfree (877) 3228228.

INFORMATION ON IMPLEMENTING A FRAUD ALERT OR SECURITY FREEZE

You can contact the three major credit bureaus at the addresses below to place a fraud alert on your credit report. A fraud alert indicates to anyone requesting your credit file that you suspect you are a possible victim of fraud. A fraud alert does not affect your ability to get a loan or credit. Instead, it alerts a business that your personal information might have been compromised and requires that business to verify your identity before issuing you credit. Although this may cause some short delay if you are the one applying for the credit, it might protect against someone else obtaining credit in your name.

A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit, mortgages, employment, housing, or other services. A credit reporting agency may not charge you to place, temporarily lift, or permanently remove a security freeze.

To place a fraud alert or security freeze on your credit report, you must contact the three credit bureaus below:

Equifax Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
(888) 766-0008
http://www.equifax.com

Experian Credit Fraud Center
P.O. Box 9554
Allen, TX 75013
(888) 397-3742
http://www.experian.com

TransUnion TransUnion LLC
P.O. Box 2000
Chester, PA 190222000
(800) 680-7289
http://www.transunion.com

To request a security freeze, you will need to provide the following information:

Your full name (including middle initial as well as Jr., Sr., II, III, etc.);

Social Security Number;

Date of birth;

If you have moved in the past five (5) years, the addresses where you have lived over those prior five years;

Proof of current address such as a current utility bill or telephone bill; and

A legible photocopy of a government issued identification card (state driver’s license or ID card, military identification, etc.).


You may also contact the U.S. Federal Trade Commission (“FTC”) for further information on fraud alerts, security freezes, and how to protect yourself from identity theft. The FTC can be contacted at 400 7th St. SW, Washington, DC 20024; telephone +1 (877) 3824357; or www.consumer.gov/idtheft.

ADDITIONAL RESOURCES

Your state attorney general may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your state attorney general, or the FTC.

California Residents: Visit the California Department of Justice’s Privacy Unit (https://oag.ca.gov/privacy) for additional information on protection against identity theft.

District of Columbia Residents: The District of Columbia Attorney General may be contacted at: 400 6th Street, NW, Washington, DC 20001; 202-727-3400; oag@dc.gov, and http://www.oag.dc.gov.

Maryland Residents: The Attorney General can be contacted at Office of Attorney General, 200 St. Paul Place, Baltimore, Maryland 21202; +1 (888) 743-0023; or http://www.marylandattorneygeneral.gov.

Massachusetts Residents: Under Massachusetts law, you have the right to obtain any police report filed in connection to the cybersecurity event. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

North Carolina Residents: The Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; +1 (919) 716-6400; or http://www.ncdoj.gov.

New Mexico Residents: You have rights under the federal Fair Credit Reporting Act (FCRA), which governs the collection and use of information pertaining to you by consumer reporting agencies. For more information about your rights under the FCRA, please visit http://www.consumer.ftc.gov/articles/pd ... ng-act.pdf or http://www.ftc.gov.

New York Residents: The Attorney General can be contacted at the Office of the Attorney General, The Capitol, Albany, NY 12224-0341, +1 (800)-771-7755; or http://www.ag.ny.gov.

Rhode Island Residents: The Attorney General can be contacted at 150 South Main Street, Providence, Rhode Island 02903; +1 (401) 274-4400; or http://www.riag.ri.gov. You may also file a police report by contacting local or state law enforcement agencies.