Whenever somebody's account is compromised, the boards seem to erupt into a chaotic frenzy of people running around as if all of their hair is collectively on fire - all screaming that the CGs are coming (one day, some awesome artist will animate that scene for me). As entertaining as this is to watch, these very same people that refuse to visit any shops, petpages, userlookups, and petlookups also occasionally find themselves with stolen accounts, thus leading to even more panic and mass hysteria. Yes, I did often troll such people. However, I also feel that many Neopians are oblivious as to how ridiculous they are - they hide from the rarest form of account compromisation but leave themselves wide open to the easiest and most common methods. This page's purpose is to inform Neopians of the methods which are used to steal their accounts, and also to teach Neopians how to better protect themselves. After all, there is no protecting yourself from a threat unless you know what it is; knowledge is half the battle. This is not a how-to guide, nor is it a page of useless information bashing (or defending) TNT. This is what TNT should be telling us, since my goal is to show that most accounts lost are at the fault of the player and not the administration of the site (not to say that they couldn't do much better, though...). Account theft is often (but not always) preventable, as long as you know the methods, and if it's not preventable, there are measures you can take to ensure that your account will be returned safely.
Welcome to H.A.C.K. - Helpful Account Compromization Knowledge. May you find the answers to your many questions here, and I wish you the best of luck in keeping your account secure.
OVERVIEWWelcome to H.A.C.K. - Helpful Account Compromization Knowledge. May you find the answers to your many questions here, and I wish you the best of luck in keeping your account secure.
Contrary to what many people claim, no one has ever hacked into Neopets, accessed user information, accounts or usernames. The ONLY means by which a user can have an account stolen is when they inadvertently or intentionally gives away their [word]. - Official TNT Quote
Not to call TNT out on anything, but this is not entirely true. There is an entire world of ways that users can have their accounts stolen, of which most users are entirely unaware. Granted, a user hacking into the Neopets Database is so far a myth that cannot be proven, but TNT was correct in saying that account protecion is your responsibility. Granted, they do have a Security page, but it does not quite cut it anymore.
The four main methods employed to steal a player's account will each be discussed in turn, along with steps that Neopians can take to prevent their accounts from being lost from those specific methods. This is not a how-to guide, nor will it offer complete protection from account theft. Afterwards, some helpful tips to preventing account theft and ensuring that, in the case of theft, the account can be proven to be yours will be discussed. I will also briefly skim over what to do once your account has already been stolen and other methods of cheating before concluding with a Frequently Asked Questions section and other sitely goodies.
To navigate this page, please use the links located to your left (or simply scroll). If there are any major updates, they will appear under the navigation bar in red, but will be purged regularly.
Before reading any further, please understand that I, 0llyness, am in no way affiliated with the process of compromising accounts. All of my knowledge comes from paying attention over the past several years and help from random people who are more informed with this process than myself.
GLOSSARYNot to call TNT out on anything, but this is not entirely true. There is an entire world of ways that users can have their accounts stolen, of which most users are entirely unaware. Granted, a user hacking into the Neopets Database is so far a myth that cannot be proven, but TNT was correct in saying that account protecion is your responsibility. Granted, they do have a Security page, but it does not quite cut it anymore.
The four main methods employed to steal a player's account will each be discussed in turn, along with steps that Neopians can take to prevent their accounts from being lost from those specific methods. This is not a how-to guide, nor will it offer complete protection from account theft. Afterwards, some helpful tips to preventing account theft and ensuring that, in the case of theft, the account can be proven to be yours will be discussed. I will also briefly skim over what to do once your account has already been stolen and other methods of cheating before concluding with a Frequently Asked Questions section and other sitely goodies.
To navigate this page, please use the links located to your left (or simply scroll). If there are any major updates, they will appear under the navigation bar in red, but will be purged regularly.
Before reading any further, please understand that I, 0llyness, am in no way affiliated with the process of compromising accounts. All of my knowledge comes from paying attention over the past several years and help from random people who are more informed with this process than myself.
CG - Cookie grabber; a method of obtaining accounts discussed later on in this page. This method is most commonly considered to be the method used to steal a person's account, but is in fact rare.
G - Rhymes with 'Poogle'. A major search engine.
Illegit - Anything done or obtained against the Neopian rules.
Mail - Add an 'e' beforehand. Whenever this is discussed, I am referring to the one attached to the account in question
PC - The Neopian Pound board. Often refers people on this board as well.
Purge - Whenever any site cleans out unused and/or abandoned accounts.
Self-ice - The removal of one's account by themselves (using the self-ice link). This is often done to protect an account if one senses that it is being lost, or to cover the trail of illegit movement of something.
Shell - Any account that is anonymous in nature. These are typically used to troll, contact people, or secure things. They can either be blank accounts or accounts with some pets and avatars/css/trophies depending on the thief and purpose of the shell.
Thief - A person that steals accounts.
Unreg - A method discussed later on in the page, but typically this word specifically refers to a mail account that is currently unregistered.
Word - The secret word that is used to sign into places. Never give it out!
More terms will be added as the need for them arises.
CGSG - Rhymes with 'Poogle'. A major search engine.
Illegit - Anything done or obtained against the Neopian rules.
Mail - Add an 'e' beforehand. Whenever this is discussed, I am referring to the one attached to the account in question
PC - The Neopian Pound board. Often refers people on this board as well.
Purge - Whenever any site cleans out unused and/or abandoned accounts.
Self-ice - The removal of one's account by themselves (using the self-ice link). This is often done to protect an account if one senses that it is being lost, or to cover the trail of illegit movement of something.
Shell - Any account that is anonymous in nature. These are typically used to troll, contact people, or secure things. They can either be blank accounts or accounts with some pets and avatars/css/trophies depending on the thief and purpose of the shell.
Thief - A person that steals accounts.
Unreg - A method discussed later on in the page, but typically this word specifically refers to a mail account that is currently unregistered.
Word - The secret word that is used to sign into places. Never give it out!
More terms will be added as the need for them arises.
CGs. Oh, CGs... how infamous you are. CGs, or Cookie Grabbers, are the method most people expect for thieves to use, but are actually the most uncommon form because they are difficult to use. They were made notorious several years ago, but recent coding changes have made them become rarer and rarer. Despite what the random frightened mob on the PC may say, there is probably not a CG wave going on right now (and if there is, it'll be over within a day or two). In case I have not stressed this enough yet - CGs are rare.
RECOGNITION
You know that it is a CG wave when dozens of people lose their accounts within days of each other. This is not one or two people a week - this is a whole lot of people in very little time. People that understand how coding is supposed to look can often visit source coding and spot a suspicious line of code, being the CG.
LOCATION
Contrary to popular belief, CGs are not only possible on petlookups, shops, userlookups, and so forth. There was a wave in 2011 which contained a CG located on a board, and I have actually had a thief inform me that CGs are theoretically possible wherever a user has the option to input a string of characters. This includes shops, galleries, userlookups, petlookups, boards, neomail, and even trading post lots. Luckily, the latter has never been reported. However, before you go running away to hide in a cave, please do remember that these are rare.
KNOWLEDGE
The way that CGs work is by grabbing your current login information to an offsite place, where the thief can use it to log into your current session. This is not only for Neopets - they steal your cookies for every site that you are currently logged in on, which might even include bank account information! The code changes periodically, based on TNT's new filters (yes, you can blame CGs for most of the coding restrictions we have), but can be recognized in source coding as a string of suspicious code that seems to serve no purpose. Avoid these at all costs...
PROTECTION
Because CGs catch only the current log in information on your own browser, use a separate browser for Neopets. For example, I often use Chrome for everything, but use Firefox for Neopets. Also, be sure to always log out from important things like bank accounts before even accessing Neopets. Yes, I have stated that they are rare, but I will not have my bank account information compromised even if there is a tiny chance. Change your Neomail Settings in your preferences to Plain Text only to avoid Neomail CGs. If there is a current CG wave, just hermit for a while - play games, work on petpages, whatever - but avoid other players at all costs. If you have been CGed, keep logging out and back in in order to clean out your session and change all of your information immediately. A good rule of thumb is to clear your cookies periodically. There are also Firefox browser plugins that can help protect you, but personally I don't use them since waves are incredibly rare.
SIDE NOTE
CGs are the only method that can be blamed on TNT, but in order to get rid of them entirely, TNT would have to block all semblance of customizable coding. That would be a very sad day indeed. Luckily, however, CGs are incredibly rare. Yes, they are disastrous when they occur, but running around screaming that the CGs have come helps nobody, especially when most account thefts occur by using the next two methods I will discuss. Also, for the record, the most recent CG was the SunnyNeo one (discussed later) and the most recent on-site CG was actually on a board and not a userlookup / petlookup / shop / whatever else the paranoid people avoid. So if you're really that paranoid, add fan sites and the Neoboards to your list of places to avoid.
UNREGSRECOGNITION
You know that it is a CG wave when dozens of people lose their accounts within days of each other. This is not one or two people a week - this is a whole lot of people in very little time. People that understand how coding is supposed to look can often visit source coding and spot a suspicious line of code, being the CG.
LOCATION
Contrary to popular belief, CGs are not only possible on petlookups, shops, userlookups, and so forth. There was a wave in 2011 which contained a CG located on a board, and I have actually had a thief inform me that CGs are theoretically possible wherever a user has the option to input a string of characters. This includes shops, galleries, userlookups, petlookups, boards, neomail, and even trading post lots. Luckily, the latter has never been reported. However, before you go running away to hide in a cave, please do remember that these are rare.
KNOWLEDGE
The way that CGs work is by grabbing your current login information to an offsite place, where the thief can use it to log into your current session. This is not only for Neopets - they steal your cookies for every site that you are currently logged in on, which might even include bank account information! The code changes periodically, based on TNT's new filters (yes, you can blame CGs for most of the coding restrictions we have), but can be recognized in source coding as a string of suspicious code that seems to serve no purpose. Avoid these at all costs...
PROTECTION
Because CGs catch only the current log in information on your own browser, use a separate browser for Neopets. For example, I often use Chrome for everything, but use Firefox for Neopets. Also, be sure to always log out from important things like bank accounts before even accessing Neopets. Yes, I have stated that they are rare, but I will not have my bank account information compromised even if there is a tiny chance. Change your Neomail Settings in your preferences to Plain Text only to avoid Neomail CGs. If there is a current CG wave, just hermit for a while - play games, work on petpages, whatever - but avoid other players at all costs. If you have been CGed, keep logging out and back in in order to clean out your session and change all of your information immediately. A good rule of thumb is to clear your cookies periodically. There are also Firefox browser plugins that can help protect you, but personally I don't use them since waves are incredibly rare.
SIDE NOTE
CGs are the only method that can be blamed on TNT, but in order to get rid of them entirely, TNT would have to block all semblance of customizable coding. That would be a very sad day indeed. Luckily, however, CGs are incredibly rare. Yes, they are disastrous when they occur, but running around screaming that the CGs have come helps nobody, especially when most account thefts occur by using the next two methods I will discuss. Also, for the record, the most recent CG was the SunnyNeo one (discussed later) and the most recent on-site CG was actually on a board and not a userlookup / petlookup / shop / whatever else the paranoid people avoid. So if you're really that paranoid, add fan sites and the Neoboards to your list of places to avoid.
Exploitation of unregs is the most common method used by thieves because it is by far the simplest and easiest. Furthermore, most Neopians are oblivious to its existence and thus do absolutely nothing to try to prevent this... and, as frightening as this may seem, TNT can do nothing to stop this. It is the responsibility of the player to protect themselves.
RECOGNITION
If several people lose their accounts over some period of time, but the timing appears sporadic and not clustered, it is probably the use of unregs - such as one every few days or so. Most account thefts are the result of unregs. Often times, the thief might have access to the account for an elongated period of time before acting. A friend of mine that nearly lost her account in this way reported that odd things were happening to her account - she'd have a couple less Neopoints than she thought she had or some RE she skipped... once even a Neomail she didn't remember sending being responded to. This period is used for the thief to "secure" the account.
KNOWLEDGE
Unregs are possible because mail providers often purge accounts that have not been accessed for several (usually three) months. The exception to this, at the time of writing this guide, is the G provider. There are two types of unreg thieves - those that target specific accounts and those that just try their luck. The type that target will attempt to guess the mail attached to your account, and will create this mail in hopes that it has purged. Sometimes, they will go to your art place (or any other offsite place, like the book of faces) account and look for your email there, assuming that it is the one attached to your account. They will keep creating various mail accounts in order to try to request your word, and, if successful, will infiltrate your account. Unreg thieves that don't target also create a lot of mail accounts, blindly testing them in the Neopets database after creation in an attempt to get lucky. Please note that, if the thief has access to your mail account, they also have your pin and (probably) your birthday. Sorry to say this, but if you lose your account to an unreg (and if you lose your account, it's probably to an unreg), it really sort of is your fault for not checking your mail periodically
PROTECTION
Not only does G rarely purge, but it also offers this wonderful service called 2-step verification, which makes it necessary to type in a code sent to your phone before you can log into the account. Take advantage of this and create a separate mail account on G for Neopets (and only Neopets). Don't forget to check it, though! Also, be sure to have a random mail name in it, such as ice_queen_12pharoah (not mine, I promise) or whatever to help prevent the thief from guessing what your mail is. Don't forget to check it periodically!
HASHESRECOGNITION
If several people lose their accounts over some period of time, but the timing appears sporadic and not clustered, it is probably the use of unregs - such as one every few days or so. Most account thefts are the result of unregs. Often times, the thief might have access to the account for an elongated period of time before acting. A friend of mine that nearly lost her account in this way reported that odd things were happening to her account - she'd have a couple less Neopoints than she thought she had or some RE she skipped... once even a Neomail she didn't remember sending being responded to. This period is used for the thief to "secure" the account.
KNOWLEDGE
Unregs are possible because mail providers often purge accounts that have not been accessed for several (usually three) months. The exception to this, at the time of writing this guide, is the G provider. There are two types of unreg thieves - those that target specific accounts and those that just try their luck. The type that target will attempt to guess the mail attached to your account, and will create this mail in hopes that it has purged. Sometimes, they will go to your art place (or any other offsite place, like the book of faces) account and look for your email there, assuming that it is the one attached to your account. They will keep creating various mail accounts in order to try to request your word, and, if successful, will infiltrate your account. Unreg thieves that don't target also create a lot of mail accounts, blindly testing them in the Neopets database after creation in an attempt to get lucky. Please note that, if the thief has access to your mail account, they also have your pin and (probably) your birthday. Sorry to say this, but if you lose your account to an unreg (and if you lose your account, it's probably to an unreg), it really sort of is your fault for not checking your mail periodically
PROTECTION
Not only does G rarely purge, but it also offers this wonderful service called 2-step verification, which makes it necessary to type in a code sent to your phone before you can log into the account. Take advantage of this and create a separate mail account on G for Neopets (and only Neopets). Don't forget to check it, though! Also, be sure to have a random mail name in it, such as ice_queen_12pharoah (not mine, I promise) or whatever to help prevent the thief from guessing what your mail is. Don't forget to check it periodically!
Hashes are the method used to get into accounts otherwise protected. These are the most difficult to prevent and often occur due to your accounts on other websites. Sadly, this is the method I know the least about.
RECOGNITION
Hashes generally occur in clusters, and are the method used to get the accounts of people otherwise protected. That's not to say that they're common; they're a lot of work and a huge gamble. They're more common than CGs but much less common than unregs. A hash wave is sometimes mistaken for light a CG wave. If you keep on getting word requests sent to your mail, you can assume that somebody is trying to hash you (though sometimes unreg as well).
KNOWLEDGE
Hashes typically contain a username, mail, and word. The word tends to be jumbled up. Technically, the word hash refers to the jumbled up word. After cracking the encryption on the word, the thief tries to plug the word into the mail and username. If successful, they steal your account. If not, they typically give up (unless your account is amazing, in which case they try to keep going by going through the mail account if they manage to access it). Hashes are dumped by various websites, the most notorious of which was the recent drops from a certain fansite and another pet site, which cost many people their accounts. To clarify, they're not gotten off of Neopets, rather screened for in neopets-related sites (mostly fan sites and forums).
PROTECTION
Never use the the same username and word for Neopets as you do for other sites, or, if you do use the same username, ensure that the word is different. Refer back to the tips about unregs and create the separate mail account for Neopets, but also create another for fansites and whatnot. Use 2-step verification for both. Also, whenever you get a word request you did not send, contact TNT with a ticket informing them that your account may be compromised soon and change all of the information on your accounts that you can while also ensuring that you have all of the needed information for retrieving your account. Sadly, having a very jumbled up word doesn't help much... nor does the PIN.
SIDE NOTE - STORY TIME
One of my sides was once compromised, but I was incredibly lucky. The method used by the thief was hash-cracking, so, despite all of my knowledge, I had fallen victim to this method. At the time, I had separate mails for each of my accounts, and on one I happened to sign up for my fansite account. When those hashes leaked, so did my account. I realized that I had lost access to the mail and immediately contacted TNT and tried to change my mail (the system was also slow that day). I ended up submitting a ticket telling TNT to return the account to my main, when I realized that the thief had sent me a mail to my main (from a shell) telling me that they had gained access to my account but, upon realizing that it was mine, decided that it was pointless to take since I would rally up enough PC support to have my pets returned to me, and I had clearly started to set up the quick retrieval of my account. Although I wish the same luck onto the readers of this page, I highly doubt that another thief will act in such a way.
IDIOCYRECOGNITION
Hashes generally occur in clusters, and are the method used to get the accounts of people otherwise protected. That's not to say that they're common; they're a lot of work and a huge gamble. They're more common than CGs but much less common than unregs. A hash wave is sometimes mistaken for light a CG wave. If you keep on getting word requests sent to your mail, you can assume that somebody is trying to hash you (though sometimes unreg as well).
KNOWLEDGE
Hashes typically contain a username, mail, and word. The word tends to be jumbled up. Technically, the word hash refers to the jumbled up word. After cracking the encryption on the word, the thief tries to plug the word into the mail and username. If successful, they steal your account. If not, they typically give up (unless your account is amazing, in which case they try to keep going by going through the mail account if they manage to access it). Hashes are dumped by various websites, the most notorious of which was the recent drops from a certain fansite and another pet site, which cost many people their accounts. To clarify, they're not gotten off of Neopets, rather screened for in neopets-related sites (mostly fan sites and forums).
PROTECTION
Never use the the same username and word for Neopets as you do for other sites, or, if you do use the same username, ensure that the word is different. Refer back to the tips about unregs and create the separate mail account for Neopets, but also create another for fansites and whatnot. Use 2-step verification for both. Also, whenever you get a word request you did not send, contact TNT with a ticket informing them that your account may be compromised soon and change all of the information on your accounts that you can while also ensuring that you have all of the needed information for retrieving your account. Sadly, having a very jumbled up word doesn't help much... nor does the PIN.
SIDE NOTE - STORY TIME
One of my sides was once compromised, but I was incredibly lucky. The method used by the thief was hash-cracking, so, despite all of my knowledge, I had fallen victim to this method. At the time, I had separate mails for each of my accounts, and on one I happened to sign up for my fansite account. When those hashes leaked, so did my account. I realized that I had lost access to the mail and immediately contacted TNT and tried to change my mail (the system was also slow that day). I ended up submitting a ticket telling TNT to return the account to my main, when I realized that the thief had sent me a mail to my main (from a shell) telling me that they had gained access to my account but, upon realizing that it was mine, decided that it was pointless to take since I would rally up enough PC support to have my pets returned to me, and I had clearly started to set up the quick retrieval of my account. Although I wish the same luck onto the readers of this page, I highly doubt that another thief will act in such a way.
By idiocy, I am referring to people that send others their words believing that they will sign in to find 1 million NP on their accounts or fall for fake mails from TNT asking for their words. This section will be short, as I have very little to say on this matter.
TNT will NEVER ask for your personal information; they have access to it. Also, NEVER give your word to anyone - friend or stranger.
Furthermore, don't fall into a false sense of security. Just because you have a PIN and the birthday lock enabled does not mean that you are safe. Programs exist to crack both of those security methods, and are often used to aid in the other methods I have listed. The birthday in particular is so easy to crack that there used to be a user on the boards that would crack it for any and all Neopians.
Don't parade around linking everything you have. You don't want the thief to know your mail account. Also, don't make a predictable word. Don't trust strangers, and, to be entirely honest, don't trust your friends either. I have seen plenty of cases of accounts being stolen by a good friend.
Always check the URL of the page before logging into Neopets. Never use the same word as you do on Neopets in other places. Just stay alert and stay protected.
COMMON SCAMSTNT will NEVER ask for your personal information; they have access to it. Also, NEVER give your word to anyone - friend or stranger.
Furthermore, don't fall into a false sense of security. Just because you have a PIN and the birthday lock enabled does not mean that you are safe. Programs exist to crack both of those security methods, and are often used to aid in the other methods I have listed. The birthday in particular is so easy to crack that there used to be a user on the boards that would crack it for any and all Neopians.
Don't parade around linking everything you have. You don't want the thief to know your mail account. Also, don't make a predictable word. Don't trust strangers, and, to be entirely honest, don't trust your friends either. I have seen plenty of cases of accounts being stolen by a good friend.
Always check the URL of the page before logging into Neopets. Never use the same word as you do on Neopets in other places. Just stay alert and stay protected.
Personally, I don't see the need for this section, since most of it can fit into the Idiocy section above and there is already an awesome guide in existence for this purpose. /~LupeMoneyCounter is the best guide around with common scams, and I highly recommend that every Neopian read through it at least once. However, for the sake of visitors to H.A.C.K., I am going to include some of the most common (in my experience) scams that are also mentioned on that page.
FAN SITES- Beware of fake login pages. Always check to make sure that the page is the correct Neopets domain and URL.
- No, giving your information to that nice person that promises to get you a Krawk / Draik / UC will not give it to you if you give them all of your account information. They'll just steal your account.
- No, you will not get free Neocash/Items/Pets if you click that creepy offsite link.
- No, buying that 1 NP super expensive item is not a good idea. It's probably a CG.
- Downloading a program will not make Neopets any easier to play.
- No, that is not TNT contacting you asking you for your information.
- Don't you dare accept that free account that has been offered to you on a random board.
Adding fansites to the official Neopets family was one of TNT's better ideas, but I cannot say that it did much in the name of Account Security. Remember - fan sites are not made or monitored by TNT, and thus operate by other rules. Be very careful when visiting them, even the ones that TNT has approved. You never know what you may find. Furthermore, never make an account on any fansite using the same mail you use for Neopets, or the same word.
On March 29, 2011, SunnyNeo.com had a breach of security where one of the users they took in to monitor the page instead made it redirect to a malicious site. Granted, the entire page went down soon after, but plenty of Neopians lost their accounts. SN apologized afterwards but there is no reference to this event that can easily be found on their page (I personally had to go through a lot of news archives to find it). Just goes to show you that you should always walk with caution.
On a date unknown to me but within the recent 2-3 years(sadly none of my sources will reveal it), JellyNeo.com dumped a lot of hashes of the accounts of current members of JellyNeo. This was probably not done on purpose, but, regardless, this was the source of most of the hashes used by thieves for a very long time afterwards, possibly even until now. This should just be used as another reason to never use the same mail account for Neopets and something else.
There have been minor scuffles with other sites as well, such as fan-petsites and such, but as those are the two fansites which TNT themselves approve of, they are the two that matter most. Just because we're allowed to mention these sites and link to them now does not mean that they are entirely safe. However, do not let this news discourage you from visiting fansites; they can be an amazing place for information. Just proceed with caution and you should be fine.
THEFT PROTECTIONOn March 29, 2011, SunnyNeo.com had a breach of security where one of the users they took in to monitor the page instead made it redirect to a malicious site. Granted, the entire page went down soon after, but plenty of Neopians lost their accounts. SN apologized afterwards but there is no reference to this event that can easily be found on their page (I personally had to go through a lot of news archives to find it). Just goes to show you that you should always walk with caution.
On a date unknown to me but within the recent 2-3 years(sadly none of my sources will reveal it), JellyNeo.com dumped a lot of hashes of the accounts of current members of JellyNeo. This was probably not done on purpose, but, regardless, this was the source of most of the hashes used by thieves for a very long time afterwards, possibly even until now. This should just be used as another reason to never use the same mail account for Neopets and something else.
There have been minor scuffles with other sites as well, such as fan-petsites and such, but as those are the two fansites which TNT themselves approve of, they are the two that matter most. Just because we're allowed to mention these sites and link to them now does not mean that they are entirely safe. However, do not let this news discourage you from visiting fansites; they can be an amazing place for information. Just proceed with caution and you should be fine.
There is no 100% foolproof way to guarentee account protection and security. If there was, I would call this page Secure Your Account - Guaranteed and there would be no use for all of the sections here. However, there are ways to make your account safer... just keep in mind that you always need to have a backup plan.
Never trust anyone. Despite babysitting and sharing accounts being against the rules, there are still many users that allow others access to their accounts. Don't. This is idiotic. Furthermore, don't even give out actual details about your accounts, such as the mails they are attached to or old words. Just don't trust people, even if they are your friends.
If it is too good to be true, it probably is. I really hope that this cliche phrase is burned into your mind by the time you finish reading this page. It is the truth. Yes, luck happens, but only to a certain extent. More often than not, "luck" on Neopets is something very fishy.
Keep your own accounts secure. Ensure that your mail is secured and check it often to make sure that it is not purged, keep records of everything, change your word regularly, and such. No, the PIN and birthday will not protect you from most of these. I'm sorry, but protecting your accounts is up to you.
Don't visit suspicious pages. I scream in huge fonts that CGs are rare, but they are not entirely nonexistant (or might be, but I'd still be careful). Especially offsite, they can be anywhere.
Think with your head. Don't do crazy things on impulse, don't accept stupid offers, realize that there are no shortcuts, don't fall for scams, andall of that. A lot of this is simply common sense, which is obtained by stopping for a moment and considering the situation.
Change your pin and word periodically, on everything. Although this will not necessarily save your account, it can help. If somebody has gained access to your accounts but has not acted upon it yet, you changing your word, pin, and mail's word will actually make them have nothing left and thus lose access. On days when there are a lot of people losing their accounts, I would change everything every 24 hours. Otherwise, just change it often.
Watch that mail. Mail accounts purge regularly. Make sure yours doesn't. Also, check for anything remotely suspicious on there, and check often.
Use TNT's methods of security. Despite them not always being effective, a PIN and a Birthday Lock might actually protect you from a certain level of theft. A PIN can at least slow them down, since PINs have that wonderful limit to how many times you can get them incorrect in and hour. Hey, something is better than nothing.
Keep Neopets and other things seperate. You Neopets mail is your Neopets mail; your fansite mail is your fansite mail; your real mail is your real mail. Not a hard thing to imagine. If you are on a fansite and recognizable as yourself, be sure to use a different word than your Neo one. People can see those, you know. Just be careful... you don't want someone getting more important information on accident.
Stay alert. Stay informed. Stay protected. I'm not saying that you should come here daily (I don't), but do keep an eye out on the boards for new threats and do check back at least every now and then. No, I'm not asking for views, but I will update if I smell a CG wave or see a new threat. The purpose of this pge is to serve and protect you, not to sit here looking pretty. The boards are also an amazing place to get information, but as long as the source is a good one.
If in doubt, change it all and hermit. If there is a lot of suspicious activity going on, change all of your information, secure your account, and then don't go onto any user-editted places (including the Boards) for a week or two. Work on your own stuff. Spin some wheels. Play Cellblock. Whatever. Just avoid people to try to stay safe.
Read this page. From start to finish. Yep, I am being lame and self-promoting right here. You should read everything, because everything is important. To know how to protect yourself, you should understand how things happen, and for this you need to be informed.
SECURINGNever trust anyone. Despite babysitting and sharing accounts being against the rules, there are still many users that allow others access to their accounts. Don't. This is idiotic. Furthermore, don't even give out actual details about your accounts, such as the mails they are attached to or old words. Just don't trust people, even if they are your friends.
If it is too good to be true, it probably is. I really hope that this cliche phrase is burned into your mind by the time you finish reading this page. It is the truth. Yes, luck happens, but only to a certain extent. More often than not, "luck" on Neopets is something very fishy.
Keep your own accounts secure. Ensure that your mail is secured and check it often to make sure that it is not purged, keep records of everything, change your word regularly, and such. No, the PIN and birthday will not protect you from most of these. I'm sorry, but protecting your accounts is up to you.
Don't visit suspicious pages. I scream in huge fonts that CGs are rare, but they are not entirely nonexistant (or might be, but I'd still be careful). Especially offsite, they can be anywhere.
Think with your head. Don't do crazy things on impulse, don't accept stupid offers, realize that there are no shortcuts, don't fall for scams, andall of that. A lot of this is simply common sense, which is obtained by stopping for a moment and considering the situation.
Change your pin and word periodically, on everything. Although this will not necessarily save your account, it can help. If somebody has gained access to your accounts but has not acted upon it yet, you changing your word, pin, and mail's word will actually make them have nothing left and thus lose access. On days when there are a lot of people losing their accounts, I would change everything every 24 hours. Otherwise, just change it often.
Watch that mail. Mail accounts purge regularly. Make sure yours doesn't. Also, check for anything remotely suspicious on there, and check often.
Use TNT's methods of security. Despite them not always being effective, a PIN and a Birthday Lock might actually protect you from a certain level of theft. A PIN can at least slow them down, since PINs have that wonderful limit to how many times you can get them incorrect in and hour. Hey, something is better than nothing.
Keep Neopets and other things seperate. You Neopets mail is your Neopets mail; your fansite mail is your fansite mail; your real mail is your real mail. Not a hard thing to imagine. If you are on a fansite and recognizable as yourself, be sure to use a different word than your Neo one. People can see those, you know. Just be careful... you don't want someone getting more important information on accident.
Stay alert. Stay informed. Stay protected. I'm not saying that you should come here daily (I don't), but do keep an eye out on the boards for new threats and do check back at least every now and then. No, I'm not asking for views, but I will update if I smell a CG wave or see a new threat. The purpose of this pge is to serve and protect you, not to sit here looking pretty. The boards are also an amazing place to get information, but as long as the source is a good one.
If in doubt, change it all and hermit. If there is a lot of suspicious activity going on, change all of your information, secure your account, and then don't go onto any user-editted places (including the Boards) for a week or two. Work on your own stuff. Spin some wheels. Play Cellblock. Whatever. Just avoid people to try to stay safe.
Read this page. From start to finish. Yep, I am being lame and self-promoting right here. You should read everything, because everything is important. To know how to protect yourself, you should understand how things happen, and for this you need to be informed.
You do not want to wake up one morning, find your account gone, and then sit around scratching your head and trying to remember things that can prove you to be the owner of your accounts. Instead, keep an Excel document (or something) with important and helpful information to prove that you are the owner of your account. Here is a list of important things that might ensure your account gets returned to you in case of theft. Keep a list of all of this information for every account you have. Another great page to check out for this section is /~ShimmeringBliss.
ACCOUNT RECOVERY-
TNT's Requested Information (as found in the Ticket System)
- Previously used word(s): All of the previous words you can think of. I keep mine in order.
- Previously used mail(s): Again, all of the ones you can think of.
- Your Birthday: You should know this.
- Who are your Neofriends?: I keep a list of quite a few, and have several of my friends' sides neofriended on my sides for the sake of security.
- Neocash Purchased: Oh Fyora is this a long one. I don't keep a fully updated list, but I keep a lot if it.
- Rare Item Codes Redeemed: This is an important one. If you redeem a code, include it here.
- Warnings received: This is another important one, and a rather easy one. Try to keep the dates; if not, the month will do. Include what happened and the type of punishment recieved.
- Pets you have created, abandoned or transferred: Adopt and abandon some Pound pets to have this list be longer. This is often a section that the thief will not details about.
- Items in your closet or equipped to pets This is a long one. If you're a NC account like me, just list notable items.
- Further explanation, additional details: This will be where you put everything else you can remember
-
My Additions
- Ticket Numbers I don't keep every Bug Report that I have ever spammed Rico with (poor Rico), but there are some notable Tickets in here.
- Gallery Theme Very important in my opinion, though it is something that can be accessed later.
- Odd Items in SDB This is rather important. Try to keep track of some of the junk items you have in there and their quantities. Just pick a few specific items and make note.
- NC Card Codes This is possibly the most important thing on this list. How will a thief know all of your exact NC card codes? Plus, TNT is guarenteed to have a record of all of them. If you use a code, record it.
Alas, protection and prevention are not always enough. Once an account is lost, however, it is not always the end. You can always try to reclaim your lost neoproperty through the tedious and grueling ticket system.
IF YOU STILL HAVE ACCESS TO YOUR ACCOUNT
Change all of your information immediately and then send in a ticket to TNT saying that you think your account is being compromised and to please return it to you, including something that will tell them that it is indeed you. Afterwards, self-ice to protect your belongings. You will now have to submit a ticket to continue the process, which will leave you in more or less the same sitation as one with a stolen account (except that your account will hopefully still be intact).
IF YOU DO NOT HAVE ACCESS TO YOUR ACCOUNT
If your account is frozen, good. You should be happy. If not, report it using this form and explain to TNT that this is your account, it was compromised, and you would like it temporarily frozen while th ticket is being dealt with. The sooner you do so, the better. This way, the thief can no longer look through your account while the ticket is being processed, and thus your prized possessions are safe.
SENDING IN A TICKET
Be sure to be polite and explain everything in as much detail as possible. Do not send in multiple tickets, and do not be frantic (at least not at first). Include as much information as you can, and try not to seem frantic. If you are a premium member or spend a lot on NC, it is crucial to mention that as often as possible. If you know another language used on Neopets, it would be recommended to use it to submit the ticket, as you are likely to get a faster response.
WAITING
On average, it takes TNT months to answer a ticket. Sit around and twiddle your thumbs during this time, building awareness for your case. Once TNT replies, you will either get your account back, be informed that you will not be getting it back, or be asked for additional information. This is the point at which you can play various bargaining games, though it is still recommended to be polite. Sometimes, TNT will answer that they are unable to return your account. If this is the case, politely reexplain the situation and ask for them to look into it a bit more, but do not submit another ticket. It is better to chat via the comments than spam them with unneeded tickets.
BOARD MAKING
One of the things that you can do while waiting is make boards raising awareness for your case - especially if you have had any pets stolen. When doing so, be sure not to post exact names or name formats (for example, for nimorika_wind the UC Faerie Xweetok, I would put xxxxxxxx_xxxx +/- a few letters), or your board may be deleted. Remember, X is uppercase, x is lowercase, and # represents numbers. Never provide enough detail to identify the pet, but provde just enough so that you will be contacted if somebody sees a pet which may be yours floating around. If less people trade for the pet, you have a higher likelihood for having that pet returned to you, so it is good to build awareness. Furthermore, people knowing might just help your case in the long run. Sadly, there is never a guarantee of having everything (or anything) returned.
BOUGHT / SOLD / STOLENIF YOU STILL HAVE ACCESS TO YOUR ACCOUNT
Change all of your information immediately and then send in a ticket to TNT saying that you think your account is being compromised and to please return it to you, including something that will tell them that it is indeed you. Afterwards, self-ice to protect your belongings. You will now have to submit a ticket to continue the process, which will leave you in more or less the same sitation as one with a stolen account (except that your account will hopefully still be intact).
IF YOU DO NOT HAVE ACCESS TO YOUR ACCOUNT
If your account is frozen, good. You should be happy. If not, report it using this form and explain to TNT that this is your account, it was compromised, and you would like it temporarily frozen while th ticket is being dealt with. The sooner you do so, the better. This way, the thief can no longer look through your account while the ticket is being processed, and thus your prized possessions are safe.
SENDING IN A TICKET
Be sure to be polite and explain everything in as much detail as possible. Do not send in multiple tickets, and do not be frantic (at least not at first). Include as much information as you can, and try not to seem frantic. If you are a premium member or spend a lot on NC, it is crucial to mention that as often as possible. If you know another language used on Neopets, it would be recommended to use it to submit the ticket, as you are likely to get a faster response.
WAITING
On average, it takes TNT months to answer a ticket. Sit around and twiddle your thumbs during this time, building awareness for your case. Once TNT replies, you will either get your account back, be informed that you will not be getting it back, or be asked for additional information. This is the point at which you can play various bargaining games, though it is still recommended to be polite. Sometimes, TNT will answer that they are unable to return your account. If this is the case, politely reexplain the situation and ask for them to look into it a bit more, but do not submit another ticket. It is better to chat via the comments than spam them with unneeded tickets.
BOARD MAKING
One of the things that you can do while waiting is make boards raising awareness for your case - especially if you have had any pets stolen. When doing so, be sure not to post exact names or name formats (for example, for nimorika_wind the UC Faerie Xweetok, I would put xxxxxxxx_xxxx +/- a few letters), or your board may be deleted. Remember, X is uppercase, x is lowercase, and # represents numbers. Never provide enough detail to identify the pet, but provde just enough so that you will be contacted if somebody sees a pet which may be yours floating around. If less people trade for the pet, you have a higher likelihood for having that pet returned to you, so it is good to build awareness. Furthermore, people knowing might just help your case in the long run. Sadly, there is never a guarantee of having everything (or anything) returned.
Not all bought/sold pets are stolen; not all stolen pets are bought or sold. Both types are against the rules, but they do not always travel hand in hand. However, the ability to distinguish a normal pet is very important when trading / adopting / being involved on the site, so, after much popular demand, this section is included.
The problem with describing suspicious activities is that good luck and kind people also exist on Neopets. What I am about to describe might be something illegit, or it might just be a kind person doing a good deed. Do not, under any circumstances, ever confront people on the boards. Instead, simply use this form to report them if you think you have substancial evidence so that TNT looks into it.
Spotting a suspicious pet is sometimes very simple. If it is too good to be true, it probably is. High end pets are rarely just gifted (especially if the pet is not a commonly seen pet and/or the new owner refuses to give details of origin) and massive uptrades are rarely made. If either of these two things actually happen, then great! However, if not, then it is highly suspicious. I remember a case where a user suddenly obtained two amazing UCs from an old contact whose username she had forgotten. She was frozen very quickly after people caught on. Mysterious origins are often not very much in accordance to the rules. Another user traded their low end UC for a super high end and nicely named one on that very same day. They too were later frozen. Massive uptrades, though more common than amazing mysterious gifts, are also rare.
Be wary of nice pets that are up for quick adoption, or nice pets taken down from being traded and immediately being put up for adoption, especially from lesser known shell accounts. I'm not saying that you should not apply, but do not spend days on an application for a suspicious pet and then complain if something suspicious happens.
Check caches. Those things are amazing in showing you what has happened to a pet. Granted, they are not perfect, but if a pet was on a shell 40 days ago and was on an odd account 20 days ago, maybe you should raise an eyebrow. If it's an amazing opportunity, don't say no, but you can always submit a ticket to TNT about it (once you have the pet), explain the situation, and ask if there was something suspicious involved. In the summer of 2012, I adopted a well-named unconverted faerie pet off of a Pounding board; after I asked TNT, the pet was removed from my account, but because I asked their original owner got everything back in a timely manner. That's what matters, after all.
Remember, though, that just because something is suspicious does not mean that it is illegit. Just be careful, stay alert, and stay alive (account-wise, of course).
CHEATERSThe problem with describing suspicious activities is that good luck and kind people also exist on Neopets. What I am about to describe might be something illegit, or it might just be a kind person doing a good deed. Do not, under any circumstances, ever confront people on the boards. Instead, simply use this form to report them if you think you have substancial evidence so that TNT looks into it.
Spotting a suspicious pet is sometimes very simple. If it is too good to be true, it probably is. High end pets are rarely just gifted (especially if the pet is not a commonly seen pet and/or the new owner refuses to give details of origin) and massive uptrades are rarely made. If either of these two things actually happen, then great! However, if not, then it is highly suspicious. I remember a case where a user suddenly obtained two amazing UCs from an old contact whose username she had forgotten. She was frozen very quickly after people caught on. Mysterious origins are often not very much in accordance to the rules. Another user traded their low end UC for a super high end and nicely named one on that very same day. They too were later frozen. Massive uptrades, though more common than amazing mysterious gifts, are also rare.
Be wary of nice pets that are up for quick adoption, or nice pets taken down from being traded and immediately being put up for adoption, especially from lesser known shell accounts. I'm not saying that you should not apply, but do not spend days on an application for a suspicious pet and then complain if something suspicious happens.
Check caches. Those things are amazing in showing you what has happened to a pet. Granted, they are not perfect, but if a pet was on a shell 40 days ago and was on an odd account 20 days ago, maybe you should raise an eyebrow. If it's an amazing opportunity, don't say no, but you can always submit a ticket to TNT about it (once you have the pet), explain the situation, and ask if there was something suspicious involved. In the summer of 2012, I adopted a well-named unconverted faerie pet off of a Pounding board; after I asked TNT, the pet was removed from my account, but because I asked their original owner got everything back in a timely manner. That's what matters, after all.
Remember, though, that just because something is suspicious does not mean that it is illegit. Just be careful, stay alert, and stay alive (account-wise, of course).
Not all cheaters on Neopets steal accounts, nor do all thieves cheat in other ways. There is a very important distinction between the two that I feel needs to be discussed.
Cheaters take all different shapes and forms on Neopets, depending on what they are doing. Some are as simple as a person collecting profitable dailies on many accounts, while others consist of programs created and used by Neopians to make the game easier for them. Cheating the game is against the rules and a freezable offense, and below I have listed some of the programs I have heard of being used.
On the AC, these might include score-senders (programs that send scores and times for games automatically) used for avatar games, while the same programs might be used to get Reset Night trophies. Many of these are caught by TNT, but many more probably pass by unnoticed.
Restockers all scream about ABers (auto-FILTERS DON'T WANT THE FULL WORD HERE-buyers) which take expensive items out of Neopian shops when they are stocked. On the auctions, snipers complain about auto-bidders which do a similar thing but by bidding. Relatively recently, a program that just clicked the pets in the pictures of the shop-verifications was deemed against the rules by TNT, thus making all that had used it a cheater as well.
On a pet-related note, cheaters exist as well. AAers (auto-adopters) can sometimes grab nice pets from the Pound without needing to be refreshed, while auto-clickers during the Purge helped some people make their perfect names.
Two less noticed cheats are auto-refreshers (often used to attach petpetpets and get random-at-a-spot avatars) and auto-posters (which post a certain thing on the Neoboards, though I cannot say I have seen it used recently). These two seem the most harmless, but are still actively being watched if used too often or obnoxiously.
Cheaters cheat. That is what they do. However, if a user is just a cheater, they are affecting their own gameplay and not that of others, hence the distinction between cheaters, scammers, and thieves. Yes, a program snatching your precious pet from the Pound isn't fair to you, but it's not like they broke into your account and took it themselves. Don't get me wrong, cheaters are bad too, but they're not as bad. Besides, TNT is slowly cracking down on these, so they might not be around for that much longer (in their current forms, at least).
So, in summary, cheaters exist, not all cheaters steal, and don't cheat.
F.A.Q.Cheaters take all different shapes and forms on Neopets, depending on what they are doing. Some are as simple as a person collecting profitable dailies on many accounts, while others consist of programs created and used by Neopians to make the game easier for them. Cheating the game is against the rules and a freezable offense, and below I have listed some of the programs I have heard of being used.
On the AC, these might include score-senders (programs that send scores and times for games automatically) used for avatar games, while the same programs might be used to get Reset Night trophies. Many of these are caught by TNT, but many more probably pass by unnoticed.
Restockers all scream about ABers (auto-FILTERS DON'T WANT THE FULL WORD HERE-buyers) which take expensive items out of Neopian shops when they are stocked. On the auctions, snipers complain about auto-bidders which do a similar thing but by bidding. Relatively recently, a program that just clicked the pets in the pictures of the shop-verifications was deemed against the rules by TNT, thus making all that had used it a cheater as well.
On a pet-related note, cheaters exist as well. AAers (auto-adopters) can sometimes grab nice pets from the Pound without needing to be refreshed, while auto-clickers during the Purge helped some people make their perfect names.
Two less noticed cheats are auto-refreshers (often used to attach petpetpets and get random-at-a-spot avatars) and auto-posters (which post a certain thing on the Neoboards, though I cannot say I have seen it used recently). These two seem the most harmless, but are still actively being watched if used too often or obnoxiously.
Cheaters cheat. That is what they do. However, if a user is just a cheater, they are affecting their own gameplay and not that of others, hence the distinction between cheaters, scammers, and thieves. Yes, a program snatching your precious pet from the Pound isn't fair to you, but it's not like they broke into your account and took it themselves. Don't get me wrong, cheaters are bad too, but they're not as bad. Besides, TNT is slowly cracking down on these, so they might not be around for that much longer (in their current forms, at least).
So, in summary, cheaters exist, not all cheaters steal, and don't cheat.
Why do people steal accounts?
Though this may be difficult to believe for some, stealing accounts is actually quite profitable. There is a black market for Neopets, items, Neopoints, and even Neocash, from which some people can earn thousands of dollars by selling stolen online merchandise for real money. Although TNT tries to crack down on this, they are not always very effective.
How did you come by the information on this page?
After stumbling along the Neopian Pound Chat for several years, some people began to recognize me. I paid attention to what knowledgeable people said and remembered it, passing on the information whenever I felt the need to. This attracted the attention of some people involved in the so-called Black Market of Neopets, some of whom befriended me. Much of what is on this page I learned from them, and I actually had to contact one of them and ask questions while writing this. Several additional remarks have been made by readers who have read this page and felt that there was something I needed to add.
How do I check a cache?
If you search the pet's (or user's) name and site:neopets.com on G, you should find several userlookups and petlookups. If you click the arrow to the right instead of the link, you will come across the cache. They are not always the caches you seek, but they are the only ones that can easily be found.
Somebody accused me of being suspicious! What should I do?
Ignore them. It doesn't matter what the general population of Neopia thinks - only what TNT thinks.
Is ________ (name of pet or user) legit?
I refuse to answer this question. There are few occasions on which I know something is definitely illegit, but this does not mean a thing either. Even asking this question can qualify as harrassment, and I do not feel the need to start rumors about people that may or may not be true. Be your own judge.
My account was frozen for suspicious activity / for my own protection. What does this mean?
TNT suspects that your account has been or may be stolen and has frozen it before you lose what is on it. Submit a ticket and wait - it is all that you can do at this point.
Why do you believe that unregs are used to most commonly?
They are by far the simplest method, and often yield wonderful results. Remember, simple and easy is more often used than difficult and hard. Furthermore, this was told to me by most of the people that gave me information relevant to writing this guide (the only one that didn't uses hashes himself).
I don't need to change my word and my account is secure because I have a PIN and the birthday security. Nobody will ever guess it all so I'm safe.
Is this even a question? A person might not be able to guess everything, but a program will. Remember, readers, that there are programs to do almost anything these days.
I heard from so-and-so that TNT's database has been hacked into.
I have heard these rumors as well, but do not entirely believe them. Yes, there are certain high-end Neopians whose accounts are lost periodically, but if the database was actually breached, I believe the hacker would have struck most of the high-end Neopians out there. I have yet to see this happen, so I tend to believe TNT when they say that the database has never been breached.
So basically you're telling us that it is all the victim's fault. Jerk.
Not entirely. You see, it would do well for the general population to be better informed about account theft. However, blantantly smashing TNT every time an account is stolen won't help much either. It's not their fault that their word recovery system is abused; however, it is a person's fault if their mail is purged after never checking it. It's nobody's fault entirely, but I would put more blame on the victim than TNT (at least in case of unregs). But if you've read this guide and your friend hasn't and their account is lost because of an unreg, it's your fault for not warning them.
Do you fear how cheaters may react to this page?
Honestly? Not really. I did not explain any of the in depth methods as to how they steal accounts (simply because I do not know them) or signal any out in particular. Furthermore, it is not as if CGs and hashes will suddenly stop being successful due to this page - the most effect that might occur due to this page's existence would be a slight decrease in the number of successful unregs. After all, it's not as if TNT will proudly parade this page everywhere (unless they give me Site Spotlight, in which case they will show that they want to help you prevent account theft), and I did not reveal anything that was not provided (with the full knowledge that it would be on this page) by a thief themselves.
Why is this page a ridiculously light color?
It is supposed to be relaxing so that you stop running around as if your hair is on fire. Yes, I know that blue is more 'relaxing', but blue is also sad. I don't want sad. I want emotionless. That is gray.
If you have any questions not answered by this page, please feel free to contact 0llyness via neomail and ask.
TL;DR SUMMARYThough this may be difficult to believe for some, stealing accounts is actually quite profitable. There is a black market for Neopets, items, Neopoints, and even Neocash, from which some people can earn thousands of dollars by selling stolen online merchandise for real money. Although TNT tries to crack down on this, they are not always very effective.
How did you come by the information on this page?
After stumbling along the Neopian Pound Chat for several years, some people began to recognize me. I paid attention to what knowledgeable people said and remembered it, passing on the information whenever I felt the need to. This attracted the attention of some people involved in the so-called Black Market of Neopets, some of whom befriended me. Much of what is on this page I learned from them, and I actually had to contact one of them and ask questions while writing this. Several additional remarks have been made by readers who have read this page and felt that there was something I needed to add.
How do I check a cache?
If you search the pet's (or user's) name and site:neopets.com on G, you should find several userlookups and petlookups. If you click the arrow to the right instead of the link, you will come across the cache. They are not always the caches you seek, but they are the only ones that can easily be found.
Somebody accused me of being suspicious! What should I do?
Ignore them. It doesn't matter what the general population of Neopia thinks - only what TNT thinks.
Is ________ (name of pet or user) legit?
I refuse to answer this question. There are few occasions on which I know something is definitely illegit, but this does not mean a thing either. Even asking this question can qualify as harrassment, and I do not feel the need to start rumors about people that may or may not be true. Be your own judge.
My account was frozen for suspicious activity / for my own protection. What does this mean?
TNT suspects that your account has been or may be stolen and has frozen it before you lose what is on it. Submit a ticket and wait - it is all that you can do at this point.
Why do you believe that unregs are used to most commonly?
They are by far the simplest method, and often yield wonderful results. Remember, simple and easy is more often used than difficult and hard. Furthermore, this was told to me by most of the people that gave me information relevant to writing this guide (the only one that didn't uses hashes himself).
I don't need to change my word and my account is secure because I have a PIN and the birthday security. Nobody will ever guess it all so I'm safe.
Is this even a question? A person might not be able to guess everything, but a program will. Remember, readers, that there are programs to do almost anything these days.
I heard from so-and-so that TNT's database has been hacked into.
I have heard these rumors as well, but do not entirely believe them. Yes, there are certain high-end Neopians whose accounts are lost periodically, but if the database was actually breached, I believe the hacker would have struck most of the high-end Neopians out there. I have yet to see this happen, so I tend to believe TNT when they say that the database has never been breached.
So basically you're telling us that it is all the victim's fault. Jerk.
Not entirely. You see, it would do well for the general population to be better informed about account theft. However, blantantly smashing TNT every time an account is stolen won't help much either. It's not their fault that their word recovery system is abused; however, it is a person's fault if their mail is purged after never checking it. It's nobody's fault entirely, but I would put more blame on the victim than TNT (at least in case of unregs). But if you've read this guide and your friend hasn't and their account is lost because of an unreg, it's your fault for not warning them.
Do you fear how cheaters may react to this page?
Honestly? Not really. I did not explain any of the in depth methods as to how they steal accounts (simply because I do not know them) or signal any out in particular. Furthermore, it is not as if CGs and hashes will suddenly stop being successful due to this page - the most effect that might occur due to this page's existence would be a slight decrease in the number of successful unregs. After all, it's not as if TNT will proudly parade this page everywhere (unless they give me Site Spotlight, in which case they will show that they want to help you prevent account theft), and I did not reveal anything that was not provided (with the full knowledge that it would be on this page) by a thief themselves.
Why is this page a ridiculously light color?
It is supposed to be relaxing so that you stop running around as if your hair is on fire. Yes, I know that blue is more 'relaxing', but blue is also sad. I don't want sad. I want emotionless. That is gray.
If you have any questions not answered by this page, please feel free to contact 0llyness via neomail and ask.
I'm not quite sure if this section is a TL;DR or a summary, but regardless, I feel that this should cover some of the more important points I have made. Hopefully.
SPREAD THE WORD?- It was probably not a CG. This is a necessary point, as this is the basic purpose of me making this page. You should protect yourself from all threats.
- Make a separate mail account just for Neopets. Do not use this for anything else, but be sure to check it regularly so that it does not purge. G is recommended, used along with their 2-step verification.
- Have a different word and pin on every account This might not help much, but when it comes down to it, it might just save your other accounts. Some users even have different mails attached to each account. I would only recommend that if you remember to check every mail on a regular basis.
- Do not keep all of your riches in one place. If you have millions of NP, store a decent amount on your sides. If you have a lot of UCs, spread them out along sides instead of having just one "superaccount". This may reduce targetting (if targetting methods become common).
- Change words and pins regularly. Not all who gain access to accounts act on this regularly, and sometimes you can protect yourself simply by changing your word and pin. Granted, if they have access to your mail this will not help much, but for this reason you should change your mail's word regularly as well. Don't use the same words you use for Neopets for anything else, and make sure that they are not easy to guess.
- Keep record of everything. This is important in case you lose your account. Create a document in Excel with a row for each section of the ticket you would have to submit to reclaim your account, and make the columns be all of your accounts. Update this regularly, paying close attention to any NC codes redeemed.
- If you're suddenly signed out, log in and out. This often happens during a CG, and if you sign in and out two or three times and then change all of your account information, you should be fine. It's also a good idea since it will knock any thief currently on your account off of it, and might save your account.
- Use birthday verification. It does not necessarily help all the time (or, to be entirely honest, it rarely helps), but it can be useful. Granted, making a secret question would have been a better idea on TNT's part, but the effort they put forth is appreciated all the same.
- If it's too good to be true, it probably is. This is more pertaining to the movement of stolen and sold pets and items, but true in most cases. A 1 NP expensive item in a shop might be a CG, an up for quick adoption higher end unconverted pet (or one over-offered on your pet) is probably stolen (or sold), and so forth. Trust your instincts.
- Secure your own accounts. Emails, words, pins - everything. I stated this earlier, but be sure that you can prove that your accounts are yours.
When I created HACK, I never thought people would actually read it. Within the first month, I ran into the first stranger linking to it on a board. It warmed my heart. I wrote HACK to help other Neopians protect their accounts, but I cannot do it alone. I need your help.
Knowledge is half the battle. If you are informed of the methods that are used to steal accounts, then you can hopefully do something about them and protect yourself. Because of this, I beg of you to please share this site with your friends, random strangers, put it in fonts, and so forth. You obviously don't have to do it all, but every little bit helps.
Later on, I plan to add some fonts and a copy/paste for you to use into this section. Keep an eye out for this exciting update! (It may take a while, though, I do confess, unless I just upload the ones I have). For now, enjoy these banners that I have had made: (they link to their creators)
400 x 200
100 x 100
LINKSKnowledge is half the battle. If you are informed of the methods that are used to steal accounts, then you can hopefully do something about them and protect yourself. Because of this, I beg of you to please share this site with your friends, random strangers, put it in fonts, and so forth. You obviously don't have to do it all, but every little bit helps.
Later on, I plan to add some fonts and a copy/paste for you to use into this section. Keep an eye out for this exciting update! (It may take a while, though, I do confess, unless I just upload the ones I have). For now, enjoy these banners that I have had made: (they link to their creators)
100 x 100
|
|
|
|
||
|
|
||
|
|
||
|
Preview buttons are linked to their creators.
More buttons would be appreciated!
Helpful Sites
Sites by Olly
Listed At
Feel free to list HACK anywhere you choose, and mail me if you do for so that I can link back!
Thank you very much for visiting HACK and reading through it. I hope that it has been informative and please do feel free to contact me with any suggestions, information, or questions not answered here. Spread the word and come again!
DISCLAIMER: THIS PAGE'S PURPOSE IS TO BETTER PROTECT NEOPIANS FROM ACCOUNT THEFT, NOTHING MORE. PLEASE DO NOT PUNISH OLLY, TNT.
Coding and content by 0llyness. No sticky fingers allowed.
Special thanks to Nyan Cat, Yellow Submarine, Archer, Engie, and Dung Mote for providing much of the information on this page (you know who you are) and to TNT for not deleting this page and allowing for it to exist to build awareness for Neopians everywhere. Also to Alicja for the grammar check.
Since 12/25/2011
NEOPETS, characters, logos, names and all related indicia
are trademarks of Neopets, Inc., 1999-2012.
denotes Reg. US Pat. & TM Office. All rights reserved.
PRIVACY POLICY | Safety Tips | Contact Us | About Us | Press Kit
Coding and content by 0llyness. No sticky fingers allowed.
Special thanks to Nyan Cat, Yellow Submarine, Archer, Engie, and Dung Mote for providing much of the information on this page (you know who you are) and to TNT for not deleting this page and allowing for it to exist to build awareness for Neopians everywhere. Also to Alicja for the grammar check.
Since 12/25/2011
NEOPETS, characters, logos, names and all related indicia
are trademarks of Neopets, Inc., 1999-2012.
denotes Reg. US Pat. & TM Office. All rights reserved.
PRIVACY POLICY | Safety Tips | Contact Us | About Us | Press Kit