d12drepmm's NeoHelp Site
The dilemma on 4/4/04. (The borovan posts)

HOME
Random Screenies
Accomplishments
Trade Accomplishements
Fake Screenies
Hidden Tower and Cove Items I've Owned/Bought
Greatest Restocks
Weapon Ratings, Statistics, Icons, and Reccomendations.
All the Paint Brushes
User Lookup SHields
War Prizes
Quest/Puzzle Prizes
An Analysis of Wealth
Fake Pages
The dilemma on 4/4/04. (The borovan posts)
Message Boards

Due to space constarints, I have had to move my analysis of the 4-4-04 dilemma, "glitch day" to a new page. (Special thanks to everyone that provided me with some of these screenies)

(Screenshots at the bottom)
The latest neopets scandal- the so called "Secret Word Hack"
Below is an article copied as it was from soupfaerie.com (4/4/04)

NOTE - THIS PROBLEM IS NOT FIXED

 

It happened to me again. The PW request page is supposedly supposed to be down so no one can take accounts anymore. However, I have still gotten PW emails containing my PW. I have also lost more items. I have self froze my account to protect it from any further damage.

FIRST

First, before you read any further, CHANGE YOUR NEOPET PASSWORD NOW! You can CLICK HERE to change your password.

Why this important announcement?

On April 3rd, there was a MAJOR glitch that allowed anyone to view your password and email address. How could they view it you might ask? Well, if someone went to the password request page and inputted your neopet user name, it would display both your password and email address. If someone took your password, they would then get into your account and steal anything and everything inside it. They could also change your password so you could no longer get into your account.

Why is it important to change my password now?

Well, if someone took your password and saved it, they can get still get into your account whenever they want. The only way you can protect your account now is to change your password.

Who does this affect?

This affects everyone. Even all of the "Big Name" neopet players. I lost my account temporarily and lost all of my NPs and a number of valueable items. Many people out there hare already lost all of their NPs and items.

Also, change your email account's password.

If you used the same password for your email account as your neo account, then anyone that might have taken and saved your password can now get into your email account. If you use an online email provider, then they can go through your saved emails and get anything from paypal and bank account information that might have been saved.

I've heard people say that this can affect me outside of Neopets. Is this true?

Yes! This is very true. If you used the same password for your email account and other things online, then in theory, the person that took your password could also get into things such as bank accounts and other things that deal with very important real life things. To be safe, change the passwords of all your online accounts and email addresses. Also, to be even more safe, always use a different password for your accounts. This will make it difficult for anyone to do anything to your other accounts online.

Why isn't neopets announcing this in the news?

Well, to be honest, I don't know why. The only thing I can personally figure out is that they like to keep problems that they create a secret. If no one knows they made a mistake, then no one will get upset with them. I personally think neopets needs to own up to the fact that this was one HUGE mistake that they made yesterday.

Written by a Fellow Neopets Player

Writen by ebilkitty

A Few Words Regarding the "Forgot Word" Bug

...and the way it's been handled

If you have a problem with the fact that Adam himself decided that it's not necessary to notify all users that there was a bug with the Forgot Word page causing email addresses and words to be displayed, you should register your concern with The Neopets Team immediately.

Featheralley was originally sent to tell people to change their words. Featheralley made several posts to the BD chat, stating that everyone should change their words. After some concern and questions by users, she posted again stating that TNT told her to post about it and that there was a problem with the Forgot Word page, which had caused users' words and email addresses to be displayed.

The problem with this is that Featheralley is NOT staff and a chat board is not the place to inform users that their personal information has been compromised. Shortly after this, people started complaining [for obvious reasons] that others were "bashing" Featheralley and that she was just trying to help. The fact that someone is well known doesn't mean that they can take the place of the staff when it comes to addressing serious issues involving the integrity of users' personal information.

Borovan posted shortly afterwards stating the same thing [Please click here to view someone's Petpage containing screen shots of borovan's boards]. He posted again stating that he had read our posts and decided that it was not worth it to address the problem on the News page. Adam himself has decided that it's not worth the "panic" and "support requests" that would come from notifying all users that their email addresses and words could have been given out to just about anyone today.

Apparently he doesn't see what's currently going on at the boards as "panic."

Some people use the same word for other sites and accounts not related to Neopets. What about those who used their word for their email account? The problems relating to this extend much further than just the Neopets site. This is a very serious issue.

If such a thing had happened at another site, such as E-bay or Paypal, where users' email addresses and words had been given out, it'd probably be all over the news as a severe security problem. However, the fact that Neopets doesn't involve credit card numbers or other extremely sensitive information doesn't make this any less severe.

This brings up another concern: How often has this kind of thing happened? They seem to be very intent on keeping situations like this one a big secret, so how often has your personal information been compromised? The fact that this kind of thing has happened is bad enough, but the fact that they're keeping it a secret is even worse.

Adam has decided that you don't have a right to know that your information may have been made public simply because you aren't a "rich" or "well-known" BD-chatter. Let him know you disagree. Millions of users are going to be completely oblivious to the fact that their personal information could have been made public and their accounts compromised. They have every RIGHT to "panic" and worry about the integrity of their other information on Neopets' servers. This is a very serious issue and it affects more than just accounts on the site. It affects the personal information of all of the users.

This isn't the only problem about which they've been reluctant to disclose information. How about the unequip bug that's cost users millions? Had they actually announced that bug, more people would be vigilant when unequipping their BD items. Not everyone will hear about that bug through word-of-mouth and will have to learn about it the hard way. Neopets neglects to inform users of important problems relating to the site.

 

Here is another version of the story I found

 

" 4-4-04: Okay, for any of you who missed the Hcking story. Here you go:

It first started out anonymously, people getting iced left and right. Some self-iced in fear, the whole thing. Adam posted several topics, saying that it was all a glitch and it will be fixed tommorow, but was this Adam? No one knows for sure. As far as I can see his account is still in tact and his pets are fine. After numerous anonymous rich people getting hcked and self-iced, finally the Hcker comes out of his shell.

So he posts, telling everyone to post usernames and he will give them whoever's pss (Similar to that of Zelsync). Most didnt believe him, in reply saying 'Yeah smart guy? Whats mine?' ... And yes, sure enough, he told them it. His next board was showing how he did it... posting a link to the Neopets login page and saying how (I wont give this out, but yes I did see it along with many others) So there the real chaos began. Noobs running around, stealing peoples accounts. If a rich person wasnt iced, 5 minutes later he/she was. Thankfully the glitch was fixed before an hour from the time of announcement, but many were frozen.

List of hcked accounts: hubrids_mansion, verygoodcharlotte, alzheimers, hrobi, sport_ll, zidane, ryken, starfox6441, aerospacegod, lunar_boi, lsteven14, frozenbutta, tmachoops, warhyyu, Clotho, intherno, thunder3_stud, whitehawk1000, aafftteerr2CAREFREE424, KEV_6969, _am_i_hopeless_, pacific_angel232, shaneyz, assassin13, azn_angel634, solidus_snake, charizardfan, sport2k, random_acts, mc123108, hooi_k, carinafox5, brandon_mckaig, drgoot, fed7, orare, aglandiir, aczitrom, yoshikoopa, hrobi. Plus many more I missed. (Credit to Pov for most of the list) "

 

Below are screenshots of Adams Posts

adam1.jpg

adam2.jpg

adam3.jpg

Below are shots of when Adam is thought to have been hacked.

adam.jpg

aadam.jpg

bhjmkbnh.jpg

dsg.jpg

fgnvbg.jpg

gfnbvn.jpg

ghnfv.jpg

Here are some other screenshots from 4-4-04. (I literally have about 50, so it could be a while before they are all up.)

giveback.jpg

feather1.jpg

feather2.jpg

feather3.jpg

Enter supporting content here