NOTE - THIS PROBLEM IS NOT FIXED

It happened to me again. The PW request page is supposedly supposed to be down so no one can take accounts anymore. However, I have still gotten PW emails containing my PW. I have also lost more items. I have self froze my account to protect it from any further damage.

FIRST

First, before you read any further, CHANGE YOUR NEOPET PASSWORD NOW! You can CLICK HERE to change your password.

Why this important announcement?

On April 3rd, there was a MAJOR glitch that allowed anyone to view your password and email address. How could they view it you might ask? Well, if someone went to the password request page and inputted your neopet user name, it would display both your password and email address. If someone took your password, they would then get into your account and steal anything and everything inside it. They could also change your password so you could no longer get into your account.

Why is it important to change my password now?

Well, if someone took your password and saved it, they can get still get into your account whenever they want. The only way you can protect your account now is to change your password.

Who does this affect?

This affects everyone. Even all of the "Big Name" neopet players. I lost my account temporarily and lost all of my NPs and a number of valueable items. Many people out there hare already lost all of their NPs and items.

Also, change your email account's password.

If you used the same password for your email account as your neo account, then anyone that might have taken and saved your password can now get into your email account. If you use an online email provider, then they can go through your saved emails and get anything from paypal and bank account information that might have been saved.

I've heard people say that this can affect me outside of Neopets. Is this true?

Yes! This is very true. If you used the same password for your email account and other things online, then in theory, the person that took your password could also get into things such as bank accounts and other things that deal with very important real life things. To be safe, change the passwords of all your online accounts and email addresses. Also, to be even more safe, always use a different password for your accounts. This will make it difficult for anyone to do anything to your other accounts online.

Why isn't neopets announcing this in the news?

Well, to be honest, I don't know why. The only thing I can personally figure out is that they like to keep problems that they create a secret. If no one knows they made a mistake, then no one will get upset with them. I personally think neopets needs to own up to the fact that this was one HUGE mistake that they made yesterday.

Written by a Fellow Neopets Player

Writen by ebilkitty

A Few Words Regarding the "Forgot Word" Bug

...and the way it's been handled

If you have a problem with the fact that Adam himself decided that it's not necessary to notify all users that there was a bug with the Forgot Word page causing email addresses and words to be displayed, you should register your concern with The Neopets Team immediately.

Featheralley was originally sent to tell people to change their words. Featheralley made several posts to the BD chat, stating that everyone should change their words. After some concern and questions by users, she posted again stating that TNT told her to post about it and that there was a problem with the Forgot Word page, which had caused users' words and email addresses to be displayed.

The problem with this is that Featheralley is NOT staff and a chat board is not the place to inform users that their personal information has been compromised. Shortly after this, people started complaining [for obvious reasons] that others were "bashing" Featheralley and that she was just trying to help. The fact that someone is well known doesn't mean that they can take the place of the staff when it comes to addressing serious issues involving the integrity of users' personal information.

Borovan posted shortly afterwards stating the same thing [Please click here to view someone's Petpage containing screen shots of borovan's boards]. He posted again stating that he had read our posts and decided that it was not worth it to address the problem on the News page. Adam himself has decided that it's not worth the "panic" and "support requests" that would come from notifying all users that their email addresses and words could have been given out to just about anyone today.

Apparently he doesn't see what's currently going on at the boards as "panic."

Some people use the same word for other sites and accounts not related to Neopets. What about those who used their word for their email account? The problems relating to this extend much further than just the Neopets site. This is a very serious issue.

If such a thing had happened at another site, such as E-bay or Paypal, where users' email addresses and words had been given out, it'd probably be all over the news as a severe security problem. However, the fact that Neopets doesn't involve credit card numbers or other extremely sensitive information doesn't make this any less severe.

This brings up another concern: How often has this kind of thing happened? They seem to be very intent on keeping situations like this one a big secret, so how often has your personal information been compromised? The fact that this kind of thing has happened is bad enough, but the fact that they're keeping it a secret is even worse.

Adam has decided that you don't have a right to know that your information may have been made public simply because you aren't a "rich" or "well-known" BD-chatter.

Just a quick reminder that it is very important that you change your password on a regular basis. Yes, really important, and you can click here to do it!