Neopets has released an "Important Announcement" urging its members to update their passwords and confirming that the company's IT systems were compromised.
Neopets is a game that lets players create, and care for, virtual pets inside a fantasy world.
"It appears that email addresses and passwords used to access Neopets accounts may have been affected," the company explained. "We strongly recommend that you change your Neopets password."
The admission comes just weeks after a cyberattacker was reportedly shopping a stolen Neopets database with 69 million member records and the Neopets source code for four bitcoin (which is currently worth less than $80,000, and falling).
The company confirmed that it learned about the attack on the same day the data was put up for sale, July 20.
Compromised Neopets member information includes names, email addresses, usernames, dates of birth, gender, IP addresses, Neopets PINs, and hashed passwords, as well as data generated during game play.
"As part of our ongoing commitment to the safety and privacy of the Neopets' player information in our care, we have reset players' passwords and are working on adding multifactor authentication to better safeguard your account access," Jim Czulewicz, president and CEO of Neopets owner JumpStart Games, said in a statement.
He added, "We have also enhanced the protection of our systems, including by further strengthening our network monitoring, authentication, and system protection."