? Security Alert! ?
There was a notice on the site earlier about a possible security breach on Subeta. Upon being alerted we moved into what we refer to as code red immediately, informing all of you to change your passwords.
Upon further inspection it appears that the hacking was incredibly isolated, and we believe from a non-Subeta attack that leaked emails and passwords from third party accounts.
As always we recommend changing your password frequently (one account hacked today hasn't been logged in to for five years, and their password was floating around!) and checking lists like Have I been PWNed to see if your personal information has been released in a hack.
Posted by Keith
MrsLuciel
Ouch, well i just recovered my account from forget the password, but was really surprised to see this on news.
Well my account got a new pass, i dont have to worry too much.
Its good to know always go to warring us!
Well my account got a new pass, i dont have to worry too much.
Its good to know always go to warring us!
0
ChatLunatique
Quote:
Still it's about time to change all my passwords anyway. Sigh.
"Good news — no pwnage found!
No breached accounts"
0
Wolfmyth
Looking at that site again, I've had no pastes...the 6 times I've been pwned...two unverified pwns...3 from websites (the accounts have now been deleted all together) and then that spam thing. My passwords have all been changed...and the all my accounts (like email) do have a two step log in thing anyways...I think I'm good. This is still very scary though.
0
Annet
changed pasword. Thank's Keith.
I hope this problem would be solved quickly. I'm PWNed 1 time :(
I hope this problem would be solved quickly. I'm PWNed 1 time :(
2
Tomato
All 3 emails were compromised and Neopets was listed on all 3 plus some others on my main email. Changed pws with a pw generator. Is that all I need to do?
0
Oasis
I found my email was pwned on 3 sites,those being Last.FM,MajorGeeks and LinkedIn.I guess I'll be making a new gmail account and changing the pw on those sites as well as the email.Not that I have used two of those sites in a while.I'll be checking what other web sites I still have attached to that email,and change it to the new email.
0
steampirate
Thank you kindly for this alert. Thankfully, all my online accounts appear to have been safe, but as a cautionary measure, I changed my login info. As a rule, I never reuse passwords, as tempting as it may be (considering I'm both lazy and forgetful). Even luckier, I'd closed my Neopets account about last year, and any email addresses I'd used for the site are now defunct/deleted (I only learned of the Neopets breach recently, and had gotten rid of the associated emails due to non-related security issues), and issues on other sites were before my time, as it were.
0
MidnaMoon
What the hell? What does pwned mean? How do I know if I'm pwned? I'm freaking out over here.
0
Alewiina
Wow, I didn't know about that site... my main email address was "pwned" 5 times over the years ;_; Neopets, Subeta and Tumblr being the biggest ones. Yikes.
0
Speiro
Should this maybe be linked in one of those announcement banners for a few days? It worries me that this post is getting pushed down the news page, where people might miss it.
6
Redwolflake15
Pwned on 2 breached sites and found no pastes (subscribe to search sensitive breaches)
How can I search more?
How can I search more?
1
Cordyceps_sapiens
Looks like a certain other virtual pet site got me pwned, but I'm still safe with you guys!
0
MOKONA
Thanks for the warning. It seems strange that this username has been breached somewhere. I really wonder if it's here or some other sites.
0
Mackenzi
So from what I understand, Subeta itself wasn't hacked- however, one of those lists of hacked emails and passwords has been leaked somehow. So if one of those hackers got our info from another place- neopets, tumblr, etc, and we use the same log in info on subeta as we used from those sites, we could be at risk for losing our accounts? And this has happened already, some accounts have been compromised because they use the same email/password combo as other sites?
0
RiverGum
I'm grateful for the update but slightly confused and concerned as well. My username is fine but my email has been hit but is that from here or another site because it's my main email. I have been using it as a web mail but due to recent issues, I was thinking of setting my email client up to download my mail to my desktop. Now I'm not sure if it's even safe to use at all.
0
Nephna
I took prints of what happened, and those files turned out to be corrupted, should I worry?
0
DarkVixen28
Well...I was long overdue anyway.
Is google a half-decent pw manager? Or should I look for something else?
Is google a half-decent pw manager? Or should I look for something else?
0
DimDim
again a attack? mmmh, what is going on that your site is open for this so many times? is not long time ago you say we should change our pw because of a attack. mmmh, but thank you for info, so or so i change my pw from time to time
1
Rocketlauncher
@BlueRiver
You shouldn't have to worry if you follow good guidelines to secure your account.
It's always best to change your password ASAP when something's detected in the site, just like that Cloudflare breach last time.
You shouldn't have to worry if you follow good guidelines to secure your account.
It's always best to change your password ASAP when something's detected in the site, just like that Cloudflare breach last time.
0
Stiles
So wait if i haven't used the email for this account for years, do I still have to change the PW anyone think
0
BlueRiver
So, what do I do with a one-year-old breach? I changed my password a few times since then. How do I know if I'm safe now?
0
Luck
I checked my email on pwned and it only listed 1 website that happened like 4 years ago and I've changed my info since that breech. What I'm not sure if I understand is, am I actually affected right now? No subeta info came up, or any other website that I use that others have claimed to have been affected on. I changed my subeta pw anyway.
0
Speiro
@innamoramento - If you reused a password, I'd still recommend changing it even if the accounts have different usernames. If there's any chance at all that someone could connect the accounts based on your identity, they're still at risk as long as that password is out there.
It's a risk I'd personally never take, but ultimately it's up to you.
And I hope you never lose that paper, because that could end very badly. :x
It's a risk I'd personally never take, but ultimately it's up to you.
And I hope you never lose that paper, because that could end very badly. :x
0
Speiro
@Virus - Obviously if you reused any of those passwords on any other accounts, then you'll still want to change passwords on the other accounts. If the dead account would have had any other personal information you want to keep safe, then you might want to go a step further and try to change that password too. Otherwise, you can probably just ignore it if you're comfortable with that. It really comes down to whether or not you would care if someone else takes control of it.
0
innamoramento
@Speiro
thanks for the tips. the email address i use for subeta is one of the still safe ones, luckily.
and this UN is unique for this site. but i did re-use passwords because my memory is shit u.u
:P
thanks for the tips. the email address i use for subeta is one of the still safe ones, luckily.
and this UN is unique for this site. but i did re-use passwords because my memory is shit u.u
:P
0
DoomQueen
Used the site to check my email and fuck you neopets ya bastards how dare you let my email get hacked last year. I don't even use that site anymore.
7
Damon
Quick question
if you see a site that's been hit but you don't even use the account/go on the site at all any more what should you do? 3 sites were hit from what I seen but the thing is most of them I've not been on in years and years....
if you see a site that's been hit but you don't even use the account/go on the site at all any more what should you do? 3 sites were hit from what I seen but the thing is most of them I've not been on in years and years....
2
Speiro
Wow, why is it doubling breaks between paragraphs? There's no reason for that post to take up so much space. :x
0
Speiro
Quote by @innamoramento:
You don't have to get rid of those email addresses if you're still using them. Just make sure you change the passwords on those accounts, as well as:i have 5 email addresses i use for various stuff. it seems just 2 are safe u.u
i suppose i should get rid of at least 2 of the pwned ones u.u
A) any accounts that use the same password as a "pwned" account (because now that password has been compromised)
B) any accounts that you signed up with using those email addresses (because if someone has access to the email account, they may have used it to gain access to associated accounts)
Ideally you should already be using a unique password for every account, so if one account is compromised the damage stops there. If you reuse passwords, you'll have more work to do because now all accounts using that password are at risk.
4
Rocketlauncher
I think people often use someone else's email addresses, simply because the site needs one for whatever reason.
For example: test(at)gmail.com
Oh no — pwned!
Pwned on 93 breached sites and found 269 pastes (subscribe to search sensitive breaches)
For example: test(at)gmail.com
Oh no — pwned!
Pwned on 93 breached sites and found 269 pastes (subscribe to search sensitive breaches)
1
stjarne
thank you very much Keith for looking out for us. changed mine just now.
stay safe everyone!
stay safe everyone!
0
Hunger
Thank you so much for looking out for us! Usually I never know about these things, so thank you<3
My current email seems to be ok, but it says my old one was pwnd 3 times...the email I can't access anymore, so I'm not sure if it makes a difference :/ I would change that password if I could
My current email seems to be ok, but it says my old one was pwnd 3 times...the email I can't access anymore, so I'm not sure if it makes a difference :/ I would change that password if I could
1
Moin
The lost password form isn't working right now. I have tried disabling my Adblock in case that was causing problems but it's still just going to a blank page when I enter my email. Sucks because I logged out to request a new password because I have difficulty remembering which ones I use for which sites and planned on just resetting it. Now I'm stuck on mobile only until I either guess it or the form works again. But guessing it sounds like a good way to get locked out completely so that doesn't sound fun.
0
Sunfire103
Looking up email address, general spam issues and well of couse neopets show a hit on most LOL.
My usernames don't show much except a couple of a sites I never signed up for, so looks good for now anyways.
My usernames don't show much except a couple of a sites I never signed up for, so looks good for now anyways.
4
janine
How does the PWNed page work... I checked both my emails and the only places that came up were Tumblr and Myspace. Both I knew about before and dealt with at the time.
Is there more to that page that I don't know about?
Is there more to that page that I don't know about?
3
Jules
I have several email addresses... I have 4 that I use most and 3 of them have been pwned :(
I already dumped all my yahoo addresses except one because of their problems but that one checked out ok.
What to do what to do.... Should I switch my stuff off of my pwned accounts (which means updating a lot of email addresses on many many sites used for all kinds of shopping activity, accounts, and such, not to mention my main internet provider email, argh)???? :(
Help?
I already dumped all my yahoo addresses except one because of their problems but that one checked out ok.
What to do what to do.... Should I switch my stuff off of my pwned accounts (which means updating a lot of email addresses on many many sites used for all kinds of shopping activity, accounts, and such, not to mention my main internet provider email, argh)???? :(
Help?
1
Wolfmyth
So apparently my email was pwned 6 times (bloody neopets being one of them). Tumblr...which I never use, and then 4 that were...from something. I have changed my passwords...so everything should be good now...right?
2
Life
Does anyone know how to find out the date you joined tumblr? It says my email was part of a breach on tumblr in 2013 but id think my account is that old.
1
arixen
Thank you so much, Keith. The prompt attention and action to protect users by you and by Subeta staff is always very much appreciated.
0
Ferinsy
Thanks for the link. It seems I was pwned only on the other pet site... But that was a year ago
0
Doe
Interesting for the Pwn site, though it has a few websites I've never been on before. Thanks for the heads up, so I changed my pass.
1
Katala
just earlier today someone requested to change my facebook password. not sure if this is related, but i went ahead and changed my password there too
0
Lariel
Password is officially changed--Darn my love fo rcute sites, using the same username--I haven't used most of those sites in a loooong time and I never put money on them, thank goodness. Thank you, Keith! ^_^
0
Jules
Just checked my email that i use for this site and it said..
Oh no — pwned!
Pwned on 3 breached sites and found no pastes
My Internet service provider being one of them argh
There is an option to sign up to be notified if this happens... anyone use this place?
Oh no — pwned!
Pwned on 3 breached sites and found no pastes
My Internet service provider being one of them argh
There is an option to sign up to be notified if this happens... anyone use this place?
0
innamoramento
and i only had changed it a few months back.
i have 5 email addresses i use for various stuff. it seems just 2 are safe u.u
i suppose i should get rid of at least 2 of the pwned ones u.u
le sigh
i have 5 email addresses i use for various stuff. it seems just 2 are safe u.u
i suppose i should get rid of at least 2 of the pwned ones u.u
le sigh
0
Devilish
How is it possible that my email has been owned by 4 sites I've never even been a member of? LOL.
2
Tempest
@dr_onu
It means that your email was included in those 3 security breaches when they happened. It doesn't necessarily mean that someone has your information and is going buckwild, it just means that it was included in the list when those sites were attacked.
It means that your email was included in those 3 security breaches when they happened. It doesn't necessarily mean that someone has your information and is going buckwild, it just means that it was included in the list when those sites were attacked.
1
Jules
pw changed... but now I won't remember it and have to look it up all the time lol
I changed my pin a few months ago.... should I change it again?
I changed my pin a few months ago.... should I change it again?
0
stars_water
Yandex? Linux Mint? Minecraft? Tumblr? Jeez, what the heck is up with this list? I guess I know what I'll be doing for the next half-hour. -groans-
4
Dr.Oru
I've re-read it a lot but I don't understand ;;;; Could someone explain to me if, by inputing my email on the "PWNED" site and it shows up as 3 pwned, what does that mean? I understand it's not something positive qqq
0
Rocketlauncher
Don't forget to change your PIN as well, or add one at least for changing your passwords.
0
frederick
Also: avoid reusing passwords! When hacks happen people use the leaked databases to check other sites using the username/password pairs to see if they work. Unique passwords may not be so important for petsites, but they very much are for places like banks, Amazon, and your email.
18
loopa
thanks for the warning and the website for being pwned....changed my password just in case!!
0
acid
both concerned and somewhat entertained that there's a real internet resource named "have i been pwned" -- thank you for this alert!
19
Whimsical
yikes, got my sister to change her password and I changed mine as well. It was time I updated it anyway.
0