Menu
Browse

Cyber Threat Actor: Scarlet Tiger

Actor Type Location Known Incidents
 Icon
Criminal
0 incidents
Profile

Scarlet Tiger, operating under the alias TarTarX, is a threat actor linked to the July 2022 breach of the virtual pet platform Neopets. The actor stole approximately 460MB of compressed source code and a database containing personal information belonging to 69 million users, including usernames, email addresses, birthdates, genders, and geographic data. TarTarX attempted to monetize this data by listing it for sale at a price of four bitcoins (~$94,000) on cybercrime forums, indicating financially motivated objectives. The Neopets breach represents the actor's only publicly documented operation, with no evidence of broader sectoral or geographic targeting patterns beyond this incident.

The actor gained unauthorized access to Neopets' infrastructure through what was described as a "general exploit" common to many websites, though technical specifics of the initial access vector were not disclosed. Notably, TarTarX maintained persistent access to Neopets' systems during the data exfiltration and sale phases, as demonstrated when the actor provided newly created user records from the live database to verify the breach's authenticity. This operational characteristic suggests ongoing access rather than a one-time intrusion. The stolen data's relevance to Neopets' newly launched NFT and Metaverse initiatives was not explicitly leveraged in the attack, with monetization focused solely on traditional data brokerage. No malware families, custom tooling, or collaborative affiliations with state actors or criminal groups were referenced in connection with the breach.

Third-party validation of the breach came through Breached.co forum owner pompompurin, who confirmed data freshness by comparing newly registered accounts with records provided by TarTarX. While historical breaches at Neopets were acknowledged—including prior unauthorized access by a Reddit user known as neo_truths—these were explicitly disassociated from Scarlet Tiger's activities. The actor's operational security practices included direct communication with journalists to amplify credibility during the sales process, though law enforcement engagement was initiated by Neopets' parent company Jumpstart. No subsequent claims or activities attributed to Scarlet Tiger have been documented since the Neopets incident, leaving the actor's longer-term trajectory unconfirmed.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source