Pssst, I think that something is back...

Maybe you should go check it out? It's been a while, after all.
welcome to h.a.c.k. it's baaaack~
Whenever somebody's account is compromised, the boards seem to erupt into a chaotic frenzy of people running around as if all of their hair is collectively on fire - all screaming that the CGs are coming (one day, some awesome artist will animate that scene for me). As entertaining as this is to watch, these very same people that refuse to visit any shops, petpages, userlookups, and petlookups also occasionally find themselves with stolen accounts, thus leading to even more panic and mass hysteria. Yes, I did often troll such people. However, I also feel that many Neopians are oblivious as to how ridiculous they are - they hide from the rarest form of account compromisation but leave themselves wide open to the easiest and most common methods.
This page's purpose is to inform Neopians of the methods which are used to steal their accounts, and also to teach Neopians how to better protect themselves

After all, there is no protecting yourself from a threat unless you know what it is; knowledge is half the battle. This is not a how-to guide, nor is it a page of useless information bashing (or defending) TNT. This is what TNT should be telling us, since my goal is to show that most accounts lost are at the fault of the player and not the administration of the site (not to say that they couldn't do much better, though...). Account theft is often (but not always) preventable, as long as you know the methods, and if it's not preventable, there are measures you can take to ensure that your account will be returned safely.

Welcome to H.A.C.K. - Helpful Account Compromisation Knowledge. May you find the answers to your many questions here, and I wish you the best of luck in keeping your account secure.

a brief overview of what you're about to read
Contrary to what many people claim, no one has ever hacked into Neopets, accessed user information, accounts or usernames. The ONLY means by which a user can have an account stolen is when they inadvertently or intentionally gives away their [word]. - Official TNT Quote

Not to call TNT out on anything, but this is not entirely true. There is an entire world of ways that users can have their accounts stolen, of which most users are entirely unaware. Granted, a user hacking into the Neopets Database is so far a myth that cannot be proven, but TNT was correct in saying that account protecion is your responsibility. Granted, they do have a Security page, but it does not quite cut it anymore.

This is not a how-to guide, nor will it offer complete protection from account theft. Afterwards, some helpful tips to preventing account theft and ensuring that, in the case of theft, the account can be proven to be yours will be discussed. I will also briefly skim over what to do once your account has already been stolen and other methods of cheating before concluding with a Frequently Asked Questions section and other sitely goodies.

Before reading any further, please understand that I, 0llyness, am in no way affiliated with the process of compromising accounts. All of my knowledge comes from paying attention over the past several years and help from random people who are more informed with this process than myself.

wait! before we actually begin...
Before reading any further, please understand that I, 0llyness, am in no way affiliated with the process of compromising accounts. All of my knowledge comes from paying attention over the past several years and help from people who are more informed with this process than myself.

Also, please understand that the purpose of this page is for you to protect your accounts. No, it's not here to help you spot cheaters and thieves, nor is it here for you to run around accusing everyone you meet of having stolen whatever it is that you're accusing them of stealing. Mind your own business. Use this guide to protect yourself, not to do harm to others. Don't be a jerk.

Those disclaimer asides, I have another reason for including a random section before the real content of this page begins – a brief history and rant.

I originally made this page back in 2011, typing up everything I knew, sticking it into some quick coding I had for a different guide, and putting it up on Rei's page for the world of Neopia to see. A year later, I expanded on the content, coded a half-way decent layout, and was pretty pleased with myself. Of course, that was a mistake, because in adding content, I taught the PC how to check caches of their pets… and then everything started spiraling out of control.

Why? Because the witch-hunt had begun. Any user and any pet that wasn't known began to be questioned, and a lot of people unfairly lost their pets. People went crazy.

I don't want that.

I really, really don't want that.

So I took this page down. The cheaters rejoiced, accrediting one of their own as the reason why I decided to take this page down (because, apparently, having accidentally fueled paranoia and justified panic in the PC was not enough reason for me to take this guide down was not enough of a reason?) and had no intention of ever bringing it back again. After all, the point of this guide was to keep the reader safe, not make them accuse others.

Then the neomails began. At first, I ignored them, thinking that people would give up with time. I hiatused, I more or less left Neopia for a while, I came back, I became inactive, time passed, years passed, and yet the neomails still came. People whose accounts had been around for less time than this page had been down kept asking me for information, old-timers kept requesting for me to either bring this page back or let them save a copy for themselves, and, basically, people still wanted to know.

So, finally, I sat down one day, brought out the .html file I had saved, and began revising. This is not the HACK that was originally created, nor is it the page that sparked a lot of drama. Sure, much of the information is the same (I'm much too lazy to type up everything anew), but I've changed my focus and shifted a lot around. Mind you, it's been a while, and a lot was out of date… and I really, really don't want to accidentally fuel a witch hunting mob again.

So… I hope y'all like HACK more this time around.

how does one begin to protect their account?
There is no 100% foolproof way to guarantee account protection and security. If there was, I would call this page Secure Your Account - Guaranteed and there would be no use for all of the other sections here. That'd be an awesome page… but, alas, not possible at this point of time. However, there are ways to make your account safer... just keep in mind that you always need to have a backup plan. Shall we begin?
  • Never trust anyone. Despite babysitting and sharing accounts being against the rules, there are still many users that allow others access to their accounts. Don't. This is idiotic. Furthermore, don't even give out actual details about your accounts, such as the mails they are attached to or old words. Never mention PINs anywhere either. Just don't trust people, even if they are your friends.
  • Keep your own accounts secure. Ensure that your mail is secured and check it often to make sure that it is not purged, keep records of everything, change things regularly, and such. No, the PIN and birthday will not protect you from most of these. I'm sorry, but protecting your accounts is up to you.
  • Have separate information for each of your accounts. Seriously. Don't use the same word/PIN/birthday (if you're creating new side accounts) across all of your accounts. This way, even if you lose one, you don't lose them all. Speaking as somebody that has lost one before, I'm still grateful that I had separate information and managed to keep my other four accounts safe.
  • Have a good, strong word... Although much of this guide talks about methods of getting into accounts that aren't related to your word being guessed, that can still happen. Remember, length is more important to a strong word than the craziness of the characters involved. As a general rule, I recommend using a short phrase that you find easy to remember (for example, HACK is the best site), and typing it out with some capitalization, numbers, and punctuation (so, using our example, HACK!istheb35Tsit3!). That's both (relatively) easy to remember and (relatively) secure. To better explain this point, I'll refer to xkcd #936, below:
  • …and change your (strong) word often. I can't stress this point enough. If somebody has access to your account, they often won't move on it immediately – too much of a risk of losing it. They'll be gradual and whatnot. An easy way to kick somebody out of having access to your account is to change your word periodically, so once every couple of months. While you're at it, keep a record of your old words!
  • Change your pin and word periodically, on everything. Wait, wasn't this one just stated? Sort of, but it's that important. Don't just change your account's word, change you PIN, mail's word, and so forth. Regularly. Although this might not necessarily save your account, it can help. If somebody has gained access to your accounts but has not acted upon it yet, you changing your word, pin, and mail's word will actually make them have nothing left and thus lose access. If you see something suspicious, change everything. If there are a lot of people losing their accounts, change everything ever 24 hours or so for a bit. Paranoia can sometimes pay off.
  • If it is too good to be true, it probably is. I really hope that this cliche phrase is burned into your mind. It is the truth. Yes, luck happens and the Neogods/Neokarma can be good, but only to a certain extent. More often than not, "luck" on Neopets can be something very fishy.
  • Don't visit suspicious pages. I am willing to scream in huge fonts that CGs are much less common than the public believes, but they are not entirely non-existent. Especially offsite, they can be anywhere.
  • Think with your head. Don't do crazy things on impulse, don't accept stupid offers, realize that there are no shortcuts, don't fall for scams, and all of that. A lot of this is simply common sense, which is obtained by stopping for a moment and considering the situation.
  • Watch that mail. Mail accounts purge regularly. Make sure yours doesn't. Also, check for anything remotely suspicious on there, and check often.
  • Use TNT's methods of security. Despite them not always being effective, a PIN and a birthday lock will actually protect you from a certain (read: low) level of theft. A PIN can at least slow them down, since PINs have that wonderful limit to how many times you can get them incorrect in an hour. Hey, something is better than nothing.
  • Keep Neopets and other things seperate. Your Neopets mail is your Neopets mail; your fansite mail is your fansite mail; your real mail is your real mail. Not a hard thing to imagine. If you are on a fansite and recognizable as yourself (which has its perks, I know), be sure to use a different word than your Neo one. People can see those, you know. Just be careful... you don't want someone getting more important information on accident.
  • If in doubt, change it all and hermit. If there is a lot of suspicious activity going on, change all of your information, secure your account, and then don't go onto any user-edited places (including the boards) for a week or two. Work on your own stuff. Spin some wheels. Play Cellblock. Spam the NT Editorial asking for more pet slots. Whatever. Just avoid people to try to stay safe.
  • Read this page. From start to finish. Yes, I am being lame and self-promoting right here. You should read everything, because everything is important. To know how to protect yourself, you should understand how things happen, and for this you need to be informed.
  • Stay alert. Stay informed. Stay protected. I'm not saying that you should visit HACK daily (I don't), but do keep an eye out on the boards for new threats and do check back at least every now and then. No, I'm not asking for views, but I will (try to) update if I smell a CG wave or see a new threat. The purpose of this page is to serve and protect you, not to sit here looking pretty. The boards are also an amazing place to get information, but as long as the source is a good one.
Of course, as I've said, nothing can protect your accounts with 100% certainty. Don't worry, though, there's more you can do to ensure that you keep playing this game on your accounts, with your items and your pets.
You do not want to wake up one morning, find your account gone, and then sit around scratching your head and trying to remember things that can prove you to be the owner of your accounts, especially if the thief made note of things on your accounts for a while and can bring up more information than you. Instead, keep a spreadsheet with important and helpful information to prove that you are the owner of your account. Here are some of my suggestions as to what information you should keep, for each account you have, in your spreadsheet. (Another great resource for this is /~ShimmeringBliss.)

  • TNT's Requested Information (i.e. stuff they'll actually ask for in your ticket)
    • Previously used word(s): All of the previous words you can think of. I keep mine in order. To fill up this list a bit, change your words once every 24 hours for a week when you begin this spreadsheet. And yes, all of them.
    • Previously used mail(s): Again, all of the ones you can think of.
    • Your Birthday: You should know this.
    • Who are your Neofriends?: I keep a list of quite a few, and have several of my friends' sides neofriended on my sides for the sake of security.
    • Neocash Purchased: Oh Fyora is this a long one. I don't keep a fully updated list, but I keep a lot if it. There's actually a link in the NC Mall where you can view it… I have screenshots of (many) of my pages (but so can any thief).
    • Rare Item Codes Redeemed: This is an important one. If you redeem a code (Space Faerie is a common one), include it here.
    • Warnings received: This is another important one, and a rather easy one. Try to keep the dates; if not, the month will do. Include what happened and the type of punishment received.
    • Pets you have created, abandoned or transferred: Adopt and abandon some Pound pets to have this list be longer, making notes of the dates. Try to have the dates that you trade pets or something of the sort recorded as well. This is often a section that the thief will not details about.
    • Items in your closet or equipped to pets This is a long one. If you're a NC account like me, just list notable items.
    • Further explanation, additional details: This will be where you put everything else you can remember
  • My Additions (i.e. stuff you can put in Further explanation)
    • Ticket Numbers I don't keep every Bug Report that I have ever spammed Rico with (poor Rico), but there are some notable Tickets in here. I also keep some that I've deleted from the list… not sure if TNT can still see them, but a thief wouldn't be able to.
    • Gallery Theme Very important in my opinion, though it is something that can be accessed later.
    • Odd Items in SDB This is rather important. Try to keep track of some of the junk items you have in there and their quantities. Just pick a few specific items and make note. For example, keep 128 each of three types of squid and 4 of a couple cheap books.
    • NC Card Codes This is possibly the most important thing on this list. How will a thief know all of your exact NC card codes? Plus, TNT is guaranteed to have a record of all of them. If you use a code, record it.
    • Important Dates I got X avatar on X day, here's a screenshot and so forth. Screenshots are awesome.
    • IP Addresses Use Neopets at home and on your phone's 4G? Get both of those IP addresses, and any others where you might have logged in, and include them. This will also help TNT recognize the thief.
There are plenty of other sections that can be added if you so choose. Keep in mind that a good thief will also try to secure your account, so do as much as you can with things that they will never know about, like pets on the account, old words, and NC card codes. Remember - all of this information may one day be submitted to TNT with hopes that they will believe you that your account is indeed yours.
Alas, protection and prevention are not always enough. Once an account is lost, however, it is not always the end. You can always try to reclaim your lost neoproperty through the tedious and grueling ticket system.
Sometimes, you might begin to suspect that you're about to lose your account based on suspicious things going on. For example, a friend of mine that nearly lost her account reported that odd things were happening - she'd have a couple less neopoints than she thought she had or some RE she skipped, and once even a neomail she didn't remember sending being responded to. If something like this is happening, there's a chance that somebody is in the process of securing your account… but there's still time for you to act.

Change all of your information immediately (make sure the mail is still correct!) and then send in a ticket to TNT saying that you think your account is being compromised and to please return it to you, including something that will tell them that it is indeed you. Afterwards, self-ice to protect your belongings. You will now have to submit a ticket to continue the process, which will leave you in more or less the same situation as one with a stolen account (except that your account will hopefully still be intact).

Alternatively, you can just change everything and hope for the best, without the self-icing. You'll still have your account, but there is a slight chance that the thief can/will immediately regain access.

If your account is frozen, good. You should be happy. Your stuff is safe, you just have to prove it's your account to get it back. If it's not frozen, report it using this form and explain to TNT that this is your account, it was compromised, and you would like it temporarily frozen while the ticket is being dealt with. The sooner you do so, the better. This way, the thief can no longer look through your account and/or move off your possessions while the ticket is being processed, and thus your prized possessions are safe.
    Be sure to be polite and explain everything in as much detail as possible. Do not send in multiple tickets, and do not be frantic (at least not at first). Include as much information as you can, and try not to seem frantic. If you are a premium member or spend a lot on NC, it is crucial to mention that as often as possible. If you know another language used on Neopets, it might be recommended to use it to submit the ticket, as you are likely to get a faster response.
    It can take TNT months to answer a ticket. This has gotten a bit better since the Jumpstart transition, but there are still some tickets that sit around for nine months. Sit around and twiddle your thumbs during this time, building awareness for your case. Once TNT replies, you will either get your account back, be informed that you will not be getting it back, or be asked for additional information. This is the point at which you can play various bargaining games, though it is still recommended to be polite. Sometimes, TNT will answer that they are unable to return your account. If this is the case, politely re-explain the situation and ask for them to look into it a bit more, provide additional information, but do not submit another ticket. It is better to chat via the comments than spam them with unneeded tickets (as doing so can get all of your tickets closed).
    One of the things that you can do while waiting is make boards raising awareness for your case - especially if you have had any pets stolen. When doing so, be sure not to post exact names or name formats (for example, for bakathi23077 the UC Ice Bruce, I would put xxxxxxxx#### +/- a few letters and/or numbers the UC Ice Bruce), or your board may be deleted. Remember, X is uppercase, x is lowercase, and # represents numbers. Never provide enough detail to identify the pet, but provide just enough so that you will be contacted if somebody sees a pet which may be yours floating around. If less people trade for the pet, you have a higher likelihood for having that pet returned to you, so it is good to build awareness. Furthermore, people knowing might just help your case in the long run. Sadly, there is never a guarantee of having everything (or anything) returned.
so, what does TNT have to say about all of this?
Sadly, not much so far. Typically, they seem to refuse to officially acknowledge user security issues. However, here's what I could find:

From the Official Chat Rules:
Contrary to what many people claim, no one has ever hacked into Neopets, accessed user information, accounts or usernames. The ONLY means by which a user can have an account stolen is when they inadvertently or intentionally gives away their [word].

TNT has also addressed this issue in several editorials, which have been copied below:

Q: I've seen a few instances on the board lately where someone who stole someone's account asked for the remmact link or tried to get frozen by using... bad words. Is there a way to report these people without freezing the account? I don't think it's fair to the people who got scammed, so I don't report these types of problems. ~felicity437
A: Please report accounts that have been accessed by someone other than the actual owner! You're doing them a favour. The best way to protect an account that has been stolen is by having it frozen. Once an account is frozen, the thief can no longer bring further harm to the account. The actual owner can then write in to support to reclaim their account. So please, report what's going on if you see any account that this is happening to. If the thief is already trying to deactivate the account then it may already be cleared out, but reporting still helps us to get the account back to the true owner. ~ A: When someone posts a link on the site that is most likely a cookie grabber or some other extremely malicious site, we don't typically peruse the rest of the thread to see if it was accidental. We have to get rid of those boards ASAP before people visit the link out of curiosity. There's no reason you need to repeat a scam on a board. If you receive a scam in the form of a Neomail, please just report it directly. You don't have to give it more attention and spread it around on the boards. You are responsible for what you post, even if it's a quote from someone else. Never repost or quote an inappropriate post or scam on the boards. ~ Editorial 394

Q: Recently I saw an article on Fox about Neopets security, I don't know what to believe since I haven't heard anything official from you guys but the guys at Fox have me scared. Can you please clear up this whole situation for me by explaining it? :| Love you guys, your awesome.;D ~overduse
A: We're going to hand this one over to Lawyerbot.

As you know, Neopets security is as active as always, so no reason to be scared. You may have heard about some recent news in the press which has led to some confusion about Neopets' actual security policies and measures. To be clear, Neopets actively restricts users from entering third party website URL links on its message boards or Neomails. In fact, we take substantial preventative measures to prevent the kinds of scams described in the news. Since scammers who want to trick you into visiting their websites can't post their links they will try to trick you into pasting third party urls in your browser to get you to visit another website with promises of free Neopoints, free paintbrushes, etc. but most users recognize these as scams. We warn users about these scams on the Wall of Shame ( and we remind you never to share your word with anyone. Internet safety is very important to us and we appreciate users' help in reporting scams and spreading the word about internet safety. As we often say, be aware that if someone is trying to tell you their site is related to Neopets to trick you into giving out your account information, don't give any information at all and don't download anything they may ask you to. This is true anywhere on the Internet, always check with your parents first before visiting or downloading from a website you don't know. Always remember: if something seems too good to be true, it probably is.

If you see what you suspect may be a scam, please let us know! Just go to when you are logged into your account and give us as much information as you can. We'll look into it right away! ~ Editorial 464

Q: Dear TNT, I have had my account for six years with the same word. It doesn't have two numbers in it (the account was made before the "you need two numbers in your word" rule), therefore I now get the annoying "your word is not secure enough" police Chia every single time I log in. Now, it's been six years and no one has hacked my account yet, so can you please, please, PLEASE get rid of the warning? I really don't want to have to change my word, and that Chia is very close to being attacked by Meepits. Oh yeah, and please remove my username! ~username removed
A: Oh, trust us... we would have removed your username anyway. ;) We totally understand how the Chia might be getting on your nerves, and we know an easy way to stop him from troubling you every time you log in. Just visit this page, type in your word, then two numbers, and that pesky Chia will stop bothering you. Yay! :D ~
let's discuss fan-sites for a moment
Adding fansites to the official Neopets family was one of TNT's better ideas, but I cannot say that it did much in the realm of Account Security. Remember - fan sites are not made or monitored by TNT, and thus operate by their own rules. Be very careful when visiting them, even the ones that TNT has officially approved. You never know what you may find. Furthermore, never make an account on any fansite using the same mail you use for Neopets, or the same word. If you want to be super safe, don't use the same username either.

On March 29, 2011, had a breach of security where one of the users they took in to monitor the page instead made it redirect to a malicious site. Granted, the entire page went down soon after, but plenty of Neopians lost their accounts. SN apologized afterwards but there is no reference to this event that can easily be found on their page (I personally had to go through a lot of news archives to find it). Furthermore, when this incident was first mentioned on HACK 2.0, two different people from SunnyNeo contacted me and asked me to take down my blurb about it… sorry guys, as much as I love y'all, you can't silence the truth. Just goes to show you that you should always walk with caution...and not trust everyone.

Within the past several years, dumped a lot of hashes of the accounts of current members of JellyNeo. This was probably not done on purpose, but, regardless, this was the source of most of the hashes used by thieves for a while afterwards, costing a lot of users their accounts.

Of course, there have been other, some minor and some not, scuffles with other sites as well, such as fan-petsites and such, but as the first two fansites to have been by TNT (and having had these security issues before having been approved), they make the best examples. Just because we're allowed to mention these sites and link to them now does not mean that they are entirely safe. However, do not let this news discourage you from visiting fansites; they can be an amazing resource for information. Just, as with everything, proceed with caution.

Not all bought/sold pets are stolen; not all stolen pets are bought or sold. Both types are against the rules, but they do not always travel hand in hand. However, the ability to distinguish a normal pet can be important when trading / adopting / being involved on the site (it is NeoPETS, after all), especially because it can save you the heartbreak of having a trade/adoption (or multiple) reversed.

The problem with describing suspicious activities is that good luck and kind people also exist in Neopia. Yes, people sometimes do, in fact, sometimes gift incredible BD pets or higher end UC pets, and massive uptrades do happen. However, these events can also be signs of something shady going on.

A quick note: do not, in any situation, ever confront people on the boards - instead, simply use this form to report them if you think you have substantial evidence so that TNT will look into it. But seriously, please only report if you have substantial evidence; a "gut feeling" that might cause an innocent, good-willed Neopian to get frozen won't do you any good. In fact, in general, it's best to stay out of such drama unless it's your pet, or a pet of a good friend, that you believe has been stolen…otherwise you're just contributing to nice UCs coming closer to extinction.

Stolen pets can be a pain to the users from whom they were stolen, of course, but sometimes these pets come from inactive accounts that nobody will ever notice them missing from. When this happens, these pets often get involved in trading chains, and, should TNT discover the unsavory origins of the pet, end up in massively long trade reversal chains, impacting many Neopians and setting people back a lot of work.

Spotting a suspicious pet is sometimes very simple. If it is too good to be true, it probably is. High end pets are rarely just gifted (especially if the pet is not a commonly seen pet and/or the new owner refuses to give details of origin) and massive uptrades are rarely made (badly named blue Quiggle for real-name UC Faerie Draik? I doubt it). If either of these two things actually happened, then great! However, if not, then it is highly suspicious. I remember a case where a user suddenly obtained two absolutely amazing, jaw-dropping UCs from an old contact whose username she had immediately forgotten. She was frozen very quickly. Mysterious origins are often not very much in accordance to the rules. Another user traded their low end UC for a super high end and nicely named one on that very same day. They too were later frozen. Massive uptrades, though more common than amazing mysterious gifts, are also rare.

Be wary of nice pets that are up for quick adoption, or nice pets taken down from being traded and immediately being put up for adoption, especially from lesser known shell accounts. I'm not saying that you should not apply (this isn't a guide on commonly made mistakes in applications, after all), but do not spend days (or weeks/months) on an application for a suspicious pet and then complain if something suspicious happens.

Remember, though, that just because something is suspicious does not mean that it is illegit. Don't report every new pet you see – seriously, that's a jerk move. Just be careful, stay alert, and stay alive (account-wise, of course).

Why do people steal accounts?
Though this may be difficult to believe for some, stealing accounts can be profitable. There is a black market for Neopets, items, Neopoints, and even Neocash (don't go looking for it, though, kiddos), from which some people can earn hundreds of dollars by selling stolen online merchandise for real money. Although TNT tries to prevent this (and has made a lot of progress doing so in recent years), they are not always very effective.

How do I check a cache?
Psh. Right, like I'm about to answer that. That's what led to the witch hunting mob that led to me taking HACK 2.0 down for a couple of years. Caches are a great thing to check to gauge if a pet might be illegit, but they matter much less than people think. This having been said, caches aren't even remotely useful now with some of the changes that TNT has made in the past several years – now that userlookups aren't cached and petlookups hardly are, there's no point to them. Pets that have been on the same account for years aren't even always cached anymore.

Somebody accused me of being suspicious! What should I do?
Ignore them. It doesn't matter what the general population of Neopia thinks - only what TNT thinks.

Is ________ (name of pet or user) legit?
I refuse to answer this question. There are occasions on which I know something is definitely illegit, but this does not mean a thing either. Even asking this question can qualify as harassment, and I do not feel the need to start rumors about people that may or may not be true. Be your own judge.

My account was frozen for suspicious activity / for my own protection. What does this mean?
TNT suspects that your account has been or may be stolen and has frozen it before you lose what is on it. Submit a ticket and wait - it is all that you can do at this point.

I don't need to change my word and my account is secure because I have a PIN and the birthday security. Nobody will ever guess it all so I'm safe.
Is this even a question? A person might not be able to guess everything, but a program will. Remember, readers, that there are programs to do almost anything these days. One day, the robots will replace us all.

I heard from so-and-so that TNT's database has been hacked into.
I have heard these rumors as well, but do not entirely believe them. Yes, there are certain high-end Neopians whose accounts are lost periodically, but if the database was actually breached, I believe the hacker would have struck most of the high-end Neopians out there. I have yet to see this happen, so I tend to believe TNT when they say that the database has never been breached…but I've been wrong before.

So basically you're telling us that it is all the victim's fault. Jerk.
Not entirely. You see, it would do well for the general population to be better informed about account theft. However, blatantly smashing TNT every time an account is stolen won't help much either. You can do quite a bit to protect your accounts, after all.

Do you fear how cheaters may react to this page?
Honestly? Not really. A couple even helped me write it! Furthermore, it is not as if HACK will put up a magical Theft-Proof Shield around the accounts of my readers. After all, it's not as if TNT will proudly parade this page everywhere (unless they give me Site Spotlight, in which case they will show that they want to help you prevent account theft, but it's been years without a site spotlight). This having been said, many never been happy about this page and they did celebrate when I took it down… but it's not like I'm hiding behind anonymity here. If they have a problem with something on it, they are more than free to send me a polite neomail to discuss it.

Why is this page a ridiculously light color?
It is supposed to be relaxing so that you stop running around as if your hair is on fire. Yes, I know that blue is more 'relaxing', but blue is also sad. I don't want sad. I want emotionless. That is gray.

If you have any questions not answered by this page, please feel free to contact 0llyness via neomail and ask.
I'm not quite sure if this section is a TL;DR, but regardless, I feel that this should cover some of the more important points I have made. Hopefully.
  1. It was probably not a CG. This is a necessary point, as this is the basic purpose of me making this page. You should protect yourself from all threats.
  2. Make a separate mail account just for Neopets. Do not use this for anything else, but be sure to check it regularly so that it does not purge. G is recommended, used along with their 2-step verification.
  3. Have a different word and PIN on every account This might not help much, but when it comes down to it, it might just save your other accounts. Some users even have different mails attached to each account. I would only recommend that if you remember to check every mail on a regular basis.
  4. Do not keep all of your riches in one place. If you have millions of NP, store a decent amount on your sides. If you have a lot of UCs, spread them out along sides instead of having just one "super-account" (okay, fine, I didn't mention this elsewhere…but still a good point). This may reduce targeting (if targeting methods become common).
  5. Change words and PINs regularly. Not all who gain access to accounts act on this quickly, and sometimes you can protect yourself simply by changing your word and PIN. Granted, if they have access to your mail this will not help much, but for this reason you should change your mail's word regularly as well. Don't use the same words you use for Neopets for anything else, and make sure that they are not easy to guess.
  6. Keep records of everything. This is important in case you lose your account. Create a file in Excel with a row for each section of the ticket you would have to submit to reclaim your account, and label each column for each of your accounts. Update this regularly, paying close attention to any NC codes redeemed.
  7. If you're suddenly signed out, log in and out. This often happens during a CG, and if you sign in and out two or three times and then change all of your account information, you should be fine. It's also a good idea since it will knock any thief currently on your account off of it, and might save your account.
  8. Use PINs and birthday verification. It does not necessarily help all the time (or, to be entirely honest, it rarely helps), but it can be useful. Granted, making a secret question would have been a better idea on TNT's part, but the effort they put forth is appreciated all the same.
  9. If it's too good to be true, it probably is. This is more pertaining to the movement of stolen and sold pets and items, but true in most cases. A 1 NP expensive item in a shop might be a CG, an up for quick adoption higher end unconverted pet (or one over-offered on your pet) could be stolen (or sold), and so forth. Trust your instincts.
  10. Don't be a jerk. Don't report every unfamiliar pet.
  11. Secure your own accounts. Emails, words, pins - everything. I stated this earlier, but be sure that you can prove that your accounts are yours.
Alas, even if you do all of this, it does not guarantee that your account is safe; there is a lot of luck involved as well. The best that you can do is be prepared for the worst.
When I originally created HACK, back in 2011, I never thought people would actually read it. Within the first month, I ran into a stranger linking to it on a board. It warmed my heart. I've taken it down twice since, and both times I've gotten a number of neomails asking for it to come back. Especially considering the drama the second time around, I really, really didn't think that people still wanted this site around… but I guess that I was wrong. Thank y'all.

I wrote HACK to help other Neopians protect their accounts, but I cannot do it alone. I need your help.

Knowledge is half the battle. If you are informed of the methods that are used to steal accounts, then you can hopefully do something about them and protect yourself. Because of this, I beg of you to please share this site with your friends, random strangers, put it in fonts, and so forth. You obviously don't have to do it all, but every little bit helps.

Links Back

Preview buttons are linked to their creators.
More buttons would be appreciated!

Helpful Sites
Live Long and Prosper

Sites by Olly

Listed At

Feel free to list HACK anywhere you choose, and mail me if you do for so that I can link back!
Thank you very much for visiting HACK and reading through it. I hope that it has been informative and please do feel free to contact me with any suggestions, information, or questions not answered here. Spread the word and come again!

Special thanks to Nyan Cat, Yellow Submarine, Archer, Engie, and Dung Mote for providing much of the information on this page (you know who you are) and to TNT for not deleting this page and allowing for it to exist to build awareness for Neopians everywhere. Also to Alicja and Solo for the grammar check.


Coding and content by 0llyness. No sticky fingers, please.
If you'd like to translate this page, let me know and I'll be sure to link you!
Since 12/25/2011
V3.0 since 4/22/2016

NEOPETS, characters, logos, names and all related indicia
are trademarks of Neopets, Inc., 1999-2016.
denotes Reg. US Pat. & TM Office. All rights reserved.
PRIVACY POLICY | Safety Tips | Contact Us | About Us | Press Kit

Heads Up! You're about to leave Neopia!

You've clicked on a link that will take you outside of We do not control your destination's website,
so its rules, regulations, and Meepit defense systems will be
different! Are you sure you'd like to continue?

It is a journey
I must face...alone.
*dramatic music*
I want to stay on Neopets,
where the dangers of
Meepit invasion
are taken seriously.
Heads Up! You're about to leave Neopia!

You've clicked on a link that will take you outside of We do not control your destination's website,
so its rules, regulations, and Meepit defense systems will be
different! Are you sure you'd like to continue?

It is a journey
I must face...alone.
*dramatic music*
I want to stay on Neopets,
where the dangers of
Meepit invasion
are taken seriously.
Heads Up! You're about to leave Neopia!

You've clicked on a link that will take you outside of We do not control your destination's website,
so its rules, regulations, and Meepit defense systems will be
different! Are you sure you'd like to continue?

It is a journey
I must face...alone.
*dramatic music*
I want to stay on Neopets,
where the dangers of
Meepit invasion
are taken seriously.

NEOPETS, characters, logos, names and all related indicia
are trademarks of Neopets, Inc., © 1999-2018.
® denotes Reg. US Pat. & TM Office. All rights reserved.

PRIVACY POLICY | Safety Tips | Contact Us | About Us | Press Kit
Use of this site signifies your acceptance of the Terms and Conditions