Shop Neopia's been fighting for the active player base of Neopets since... well since we first assembled! Its unethical, it's not good for the game we love, and it's just plain rude & nasty!
Everyday active player's accounts are traded and sold. Everyday another player may lose what they have worked hard for, or worse recently purchased! There are many ways that someone could hack you. Most are very straight forward which I will explain in more depth what they are and how we counter them below! Sometimes, it's inevitable if the hacker is truly that good. Or, if we somehow misjudged a link we clicked and were cookie grabbed. -- The good thing about being cookie grabbed is that your password is never revealed. So you are still secure once they have exited!
Why would someone hack into an active account? It's because they are desperate or simply don't care sadly. Sometimes it can be a poor judgement of the accounts activity, but why would someone risk that anyways? Since dealing with actives comes with high risk they are generally very cheap which means more profit for whomever secures it! These shady people can be a problem to a player who has recently purchased an account since they may not have been able to update the information or the profile yet! Some websites just don't got it like us *flexes*. Therefore they feel the need to use risky and un-secure accounts, sometimes stealing from an active player that just doesn't keep their userlookup updated. :/
If you follow our quick tips and tricks to keeping your account hack proof you'll surely never get hacked... easily again! Following these tips will not only secure your account but also make you virtually stealth to foreign threats. Each precaution has it's reasoning why included. -- Mix them up for your needs and what you feel you should tighten up on security wise!
Change Your PasswordThis is a no brainer, I get it. But what you didn't know is that your password does not always change immediately. In the state that Neopets is in, sometimes two passwords work for a single account! This can be a problem if the account is not originally yours since you can't necessarily submit a ticket right away! It is very important for you test that your password has been changed when you have changed it. We have incorporated this into our account securing process starting about 4 months ago.
To test your password it is simple, apply step number two which is birthday prompting your account. This enables you to test the password twice without actually logging in and getting your IP logged (Since everyone always stresses it's not good to login and out often, especially from different IP addresses!). To know if your password works or not simply look at the URL on the birthday screen after initially entering your UN and PW. If the URL contains "badpassword" then you guessed it, the password you entered is wrong. If it contains "hi" then the password you entered is the correct one.
Keeping your password updated and secure is the best defense against any permanent hack threats! This is because when Neopets is hacked the database is scraped via SQL injections or something similar. Which does not allow consistent entry to the players information. Therefore they form lists, which become outdated once you change your password. (Hints why checking if your password has been changed is so important!) It is best practice to use a password you do not use for other services, having the same password for multiple logins can lead to a chain hacking!
Turn on Birthday Prompt At LoginDamn, someone figured out your password. It's okay though, we have a birthday prompt to keep them out. *high-fives* If somehow your password gets guessed the birthday prompt will surely keep a lucky guesser at bay. It even holds solid defense against an experienced hacker with a brute-force type exploit. Which really narrows down the amount of threats that could get into your account.
So first we stopped attackers who could have a list, or have purchased your account from someone who does, by changing the password. Now we have effectively defended against attackers who don't have a list or a method to obtain the birthday. Most of these are guessers or have exploited using a process that allows unlimited login attempts (brute force). Since we set the birthday lock, once they crack your password it is useless!
Not only have we stopped threats from the front end, we also stopped threats from the backend. When I say backend I am speaking of your email account. Which is another secret entryway into a players account. If an attacker has reset your password via email, they still will not be able to login without knowing the birthday. Which is unretrievable without sending in a ticket ;) Makes sense now right?
Use A Real Email You Use & Pin Email ChangeA very common method of getting into accounts is via emails. It's a bit of a gamble for the hacker, but if they come across something nice they will surely act upon it!
Make sure your email password does not match your Neopets password! If someone does happen to get into your account, you can easily retrieve it via email. We pin the email so they can not change it! Furthermore if your email password is different from your Neopets password, they will need to guess that one too. Which would be really hard if you ask me!
Hacking into emails is becoming harder and harder for attackers. Therefore you should keep your email account active and up to date! Many email providers drop email accounts after an extended period time of inactivity. Once this has happened a hacker can re-create the email and retrieve the information to your Neopets account. In which they will need to change the password. But wait, whats that? Oh right, they are stopped by a birthday prompt!!! LEHGOOO! *epic win for us*
Staying Out of The Line of Fire
Sometimes changing your password is not enough. Or, we are unfortunate one and have two passwords that work temporarily. :/ For this reason, and a few others (like cookie grabbers etc) one would follow these practices to stay out of the line of fire.
Stealth Your AccountWhen you stealth your account you conceal your public activity on Neopets. You can do so on your Neopets account preferences page. If you do not login daily, or have multiple main accounts like a beast, then you will most likely want to do this.
This forces a hacker to asses activity based on your accounts appearance to determine whether or not it will be worth it and if it is easy enough to do. The more active someone is, the more likely a hacker will get caught in the act! -- And more active you are, the sooner you can submit a ticket.
Buy PremiumBuying premium gives you access to many different exclusive features from Neopets for Neopets, giving it's subscribers an advantage over the average player. It definitely has shown a greater improvement from the support team too. And because of it, this sole reason scares many intruders.
Almost certainly if you have premium your items will be retrieved! Unfortunately sometimes they are untraceable and get away with your assets, which causes a want to do it still. But in most cases they get caught red handed!
Check Your Pets Into the NeoLodge/ CustomiseWhen an attacker is assessing your account since it is stealthed they will look to see if your pets are fed or customized. Uncustomized pets that are sad is a sign of two things; one, you are inactive or two, the account was bought/ hacked into. When a hacker sees an account is bought, they can easily take the items since they are extra vulnerable. A person who recently purchased an account can't necessary go running to TNT just yet.
Sometimes you just don't have the time to feed your pets, or find the need to since they don't really... die x_x. It's extra clicks that seem repetitive. Fortunately Neopets has the NeoLodge which will keep your pets looking and performing in top shape! It is relatively cheap and is a MUST to keeping attackers away! You can buy neopoints here to check your pets into the NeoLodge!
Add Recent Goals To UserlookupDo not brag! If you post on your userlookup saving for 1 billion and write goal met then you will probably be targeteted... a lot!
Write goals that are small and meaningful to you. Always keep your assets low key unless you are positive your account is secure and you are aware of the links you click. Otherwise just keep it to yourself and your neofriends!
Note: Include dates when goals are achieved
Move Valuable Items To SDBThis is not a must, but it really helps a lot. People find accounts using methods that could reveal whats inside your account! Don't let them find you!
Move your items into your SDB for maximum security with a pin on them. If you have a gallery, it is up to your discretion but make sure your gallery is pinned! Do NOT put them into your shop! For many reasons, one of which you could mistakenly price the items. Since shops are not for holding items or displaying them, the security within it has many flaws. -- It's best to steer clear of the shops when you are storing your riches, take our word for it.
Don't Click Foreign LinksI'm pretty positive Neopets has handled all of the possible cookie grabbing injection areas on site. However the internet is always changing, so its still good to be alert! Stay clear of risky business. If you don't feel right clicking the link then don't click it.
Most CG's now are placed offsite somewhere in which they link people to that website where they grab the cookies and gain access. If it does not feel right, do not click it!
As a final preventative you can make sure you view all neomails in plain text. You can do so on your account preferences page on Neopets.
Note: Hover over links to reveal it's URL for inspection prior to clicking!
Do Business With Websites You TrustThis is not the case for everyone, but in our case it is necessary.
It use to be a huge thing where websites would scam gamers, or steal their information. With all these new faces, we wouldn't blame you for being skeptical again. We are proudly approaching our 4th year and we're just getting started. A little over-stocked I must say.
It's scary business giving out your CC information. Some cases they steal that information and don't even care about your Neopets information. We use PayPal to host our transactions to keep a secure and private environment. They offer seller and buyer protection on most transactions! We don't know any of your private information.
It could be a hoist to retrieve your email. Some people email spoof using your identity to gain access to other accounts you may have. It's very scary business and something you should be mindful of when choosing a place to shop.