? Security Alert! ?

May 15, 2017 6:05 pm

There was a notice on the site earlier about a possible security breach on Subeta. Upon being alerted we moved into what we refer to as code red immediately, informing all of you to change your passwords.

Upon further inspection it appears that the hacking was incredibly isolated, and we believe from a non-Subeta attack that leaked emails and passwords from third party accounts.

As always we recommend changing your password frequently (one account hacked today hasn't been logged in to for five years, and their password was floating around!) and checking lists like Have I been PWNed to see if your personal information has been released in a hack.

May 21, 2017, 10:52 pm by

Ouch, well i just recovered my account from forget the password, but was really surprised to see this on news. Well my account got a new pass, i dont have to worry too much. Its good to know always go to warring us!

May 17, 2017, 11:43 pm by

Quote

"Good news — no pwnage found!
No breached accounts"

Still it's about time to change all my passwords anyway. Sigh.

May 17, 2017, 5:03 pm by

I would. If it's associated with any of your IRL or e-friends, like you exchange emails or it's attached to your social media, they might use it to send phishing-emails, malware or spam to your friends masquerading as you, right?

May 16, 2017, 11:57 pm by

Looking at that site again, I've had no pastes...the 6 times I've been pwned...two unverified pwns...3 from websites (the accounts have now been deleted all together) and then that spam thing. My passwords have all been changed...and the all my accounts (like email) do have a two step log in thing anyways...I think I'm good. This is still very scary though.

May 16, 2017, 9:11 pm by

I haven't been pwned, thankfully. Thank you for letting us know!

May 16, 2017, 3:10 pm by

changed pasword. Thank's Keith. I hope this problem would be solved quickly. I'm PWNed 1 time :(

May 16, 2017, 12:02 pm by

Saw this a day late changes what's necessary

I'm safe on here, but it looks like my main e-mail has been breached three times.

May 16, 2017, 11:30 am by

All 3 emails were compromised and Neopets was listed on all 3 plus some others on my main email. Changed pws with a pw generator. Is that all I need to do?

May 16, 2017, 7:39 am by

I found my email was pwned on 3 sites,those being Last.FM,MajorGeeks and LinkedIn.I guess I'll be making a new gmail account and changing the pw on those sites as well as the email.Not that I have used two of those sites in a while.I'll be checking what other web sites I still have attached to that email,and change it to the new email.

May 16, 2017, 3:28 am by

Faaarrrrk....

May 16, 2017, 2:09 am by

Thank you kindly for this alert. Thankfully, all my online accounts appear to have been safe, but as a cautionary measure, I changed my login info. As a rule, I never reuse passwords, as tempting as it may be (considering I'm both lazy and forgetful). Even luckier, I'd closed my Neopets account about last year, and any email addresses I'd used for the site are now defunct/deleted (I only learned of the Neopets breach recently, and had gotten rid of the associated emails due to non-related security issues), and issues on other sites were before my time, as it were.

May 16, 2017, 2:01 am by

What the hell? What does pwned mean? How do I know if I'm pwned? I'm freaking out over here.

May 16, 2017, 1:07 am by

Er, I meant Neopets, ADOBE and Tumblr. Not Subeta.

May 16, 2017, 1:06 am by

Wow, I didn't know about that site... my main email address was "pwned" 5 times over the years ;_; Neopets, Subeta and Tumblr being the biggest ones. Yikes.

May 16, 2017, 12:09 am by

Should this maybe be linked in one of those announcement banners for a few days? It worries me that this post is getting pushed down the news page, where people might miss it.

May 15, 2017, 11:58 pm by

Pwned on 2 breached sites and found no pastes (subscribe to search sensitive breaches)

How can I search more?

May 15, 2017, 11:02 pm by

Looks like a certain other virtual pet site got me pwned, but I'm still safe with you guys!

May 15, 2017, 10:59 pm by

Thanks for the warning. It seems strange that this username has been breached somewhere. I really wonder if it's here or some other sites.

May 15, 2017, 10:25 pm by

So from what I understand, Subeta itself wasn't hacked- however, one of those lists of hacked emails and passwords has been leaked somehow. So if one of those hackers got our info from another place- neopets, tumblr, etc, and we use the same log in info on subeta as we used from those sites, we could be at risk for losing our accounts? And this has happened already, some accounts have been compromised because they use the same email/password combo as other sites?

May 15, 2017, 9:45 pm by

Oh hell, Tumblr pwned me -_-

May 15, 2017, 9:11 pm by

And the pwned website is blocked for me...

May 15, 2017, 8:51 pm by

I'm grateful for the update but slightly confused and concerned as well. My username is fine but my email has been hit but is that from here or another site because it's my main email. I have been using it as a web mail but due to recent issues, I was thinking of setting my email client up to download my mail to my desktop. Now I'm not sure if it's even safe to use at all.

May 15, 2017, 8:44 pm by

I took prints of what happened, and those files turned out to be corrupted, should I worry?

May 15, 2017, 8:37 pm by

Thanks

May 15, 2017, 8:32 pm by

Well...I was long overdue anyway.

Is google a half-decent pw manager? Or should I look for something else?

May 15, 2017, 8:30 pm by

again a attack? mmmh, what is going on that your site is open for this so many times? is not long time ago you say we should change our pw because of a attack. mmmh, but thank you for info, so or so i change my pw from time to time

May 15, 2017, 8:29 pm by

You shouldn't have to worry if you follow good guidelines to secure your account. It's always best to change your password ASAP when something's detected in the site, just like that Cloudflare breach last time.

May 15, 2017, 8:21 pm by

yeah the mobile app is... not the best lmao. only other thing i can think of is pulling up your tumblr's archive page on a mobile browser, but it's probably fine o:

May 15, 2017, 8:07 pm by

Thanks, I figured as much. I'm on the mobile app and I can't scroll that far back though haha.

May 15, 2017, 8:02 pm by

Ugh neopets...

Thanks for the heads up guys

May 15, 2017, 7:59 pm by

You found a Pink Gladiolus!

Thanks for the sympathy flowers news post

May 15, 2017, 7:56 pm by

So wait if i haven't used the email for this account for years, do I still have to change the PW anyone think

May 15, 2017, 7:55 pm by

Oh shit! Thanks for keeping us updated Keith! <3

May 15, 2017, 7:53 pm by

Oh man

May 15, 2017, 7:49 pm by

So, what do I do with a one-year-old breach? I changed my password a few times since then. How do I know if I'm safe now?

May 15, 2017, 7:47 pm by

I checked my email on pwned and it only listed 1 website that happened like 4 years ago and I've changed my info since that breech. What I'm not sure if I understand is, am I actually affected right now? No subeta info came up, or any other website that I use that others have claimed to have been affected on. I changed my subeta pw anyway.

May 15, 2017, 7:45 pm by

- If you reused a password, I'd still recommend changing it even if the accounts have different usernames. If there's any chance at all that someone could connect the accounts based on your identity, they're still at risk as long as that password is out there.

It's a risk I'd personally never take, but ultimately it's up to you.

And I hope you never lose that paper, because that could end very badly. :x

May 15, 2017, 7:39 pm by

- Obviously if you reused any of those passwords on any other accounts, then you'll still want to change passwords on the other accounts. If the dead account would have had any other personal information you want to keep safe, then you might want to go a step further and try to change that password too. Otherwise, you can probably just ignore it if you're comfortable with that. It really comes down to whether or not you would care if someone else takes control of it.

May 15, 2017, 7:37 pm by

Yikes! I was in need of a password change anyway! Thanks for the alert, just changed mine!

May 15, 2017, 7:33 pm by

thanks for the tips. the email address i use for subeta is one of the still safe ones, luckily. and this UN is unique for this site. but i did re-use passwords because my memory is shit u.u [i did write them down on paper, by hand, and that should keep them safe enough] :P

May 15, 2017, 7:30 pm by

Used the site to check my email and fuck you neopets ya bastards how dare you let my email get hacked last year. I don't even use that site anymore.

May 15, 2017, 7:27 pm by

Quick question

if you see a site that's been hit but you don't even use the account/go on the site at all any more what should you do? 3 sites were hit from what I seen but the thing is most of them I've not been on in years and years....

May 15, 2017, 7:26 pm by

Thanks for the alert!

May 15, 2017, 7:21 pm by

It happened since the sitewide font change.

May 15, 2017, 7:17 pm by

Wow, why is it doubling breaks between paragraphs? There's no reason for that post to take up so much space. :x

May 15, 2017, 7:14 pm by

Quote by InnAmoramento

i have 5 email addresses i use for various stuff. it seems just 2 are safe u.u</p>
<p>i suppose i should get rid of at least 2 of the pwned ones u.u

You don't have to get rid of those email addresses if you're still using them. Just make sure you change the passwords on those accounts, as well as:

A) any accounts that use the same password as a "pwned" account (because now that password has been compromised)

B) any accounts that you signed up with using those email addresses (because if someone has access to the email account, they may have used it to gain access to associated accounts)

Ideally you should already be using a unique password for every account, so if one account is compromised the damage stops there. If you reuse passwords, you'll have more work to do because now all accounts using that password are at risk.

May 15, 2017, 7:08 pm by

~ so just changing all my passwords on accounts associated with the emails should do the trick? Sounds good... going to take forever lol

May 15, 2017, 7:04 pm by

im in the clear but yikes

May 15, 2017, 6:59 pm by

Changed my password....Thanks Subeta team!

May 15, 2017, 6:59 pm by

I would just try to change your PWs for those e-mails and accounts (as much as you can). I don't think they can do much with e-mails if you give everything a completely new PW.

Use @username to mention someone. Supports markdown formatting.

Logged Out

? Security Alert! ?

Leave a Comment