“Hello Kitty” hack exposes 3.3. million user accounts

23 Dec 2015 | Author: | No comments yet »

‘Hello Kitty’ Fan Database Leak Exposes 3.3 Million Users: Researcher.

An online database containing information on some 3.3 million fans of Hello Kitty and other Sanrio products may have been wide open to hackers for a month or more, reports security researcher Chris Vickery. The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.A shocking data breach at SanrioTown.com, the online community for Hello Kitty fans, has leaked details of 3.3 million user accounts online – many of which are believed to belong to children.

The breached data included full names, encoded by decipherable birth dates, email addresses, and encrypted passwords, along with password reset questions and answers.1 It’s not clear if the site’s breached data contained any financial information, or how it was leaked. However, the hashing technique used by SanrioTown leaves it easy for an attacker to use force to uncover a significant proportion of the obscured passwords.

Vickery notified SanrioTown.com of the breach, as well as the internet service provider being used to host the database, but no further details are currently available. is popular among both adults and children, and internet security experts are warning parents to make sure their kids’ passwords are changed immediately – particularly if they use them for other websites. It is not expected that images or audio of minor were exposed, as with recent security issues with Hello Barbie and VTech. “The alleged security breach of the SanrioTown site is currently under investigation,” Sanrio said in a statement provided to NBC News. “Information will be made available once confirmed.” In an email to NBC News, Vickery wrote that he found the database the same way he found another, larger one associated with the software MacKeeper last week. Accounts registered to other sites associated with SanrioTown.com are also affected by the leak, including hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; andmymelody.com. Adult users are also advised to completely abandon their own use of the compromised password, as it is a relatively easy task for hackers to cross-reference accounts on different sites that share passwords.

In late November, electronic toymaker VTech suffered a devastating cyber attack , which led to 10 million accounts being compromised – 6.3 million of which belonged to children . That would make the Sanrio breach the second in just the last month to demonstrate the vulnerability of children to the same sort of data breaches that usually affect adults.

That breach, which was pulled off by a hacker who told news site Motherboard that he or she merely wished to demonstrate Vtech’s insecurity, went beyond mere usernames and passwords to include photos and videos to include childrens’ photos and chatlogs. But cautious users of the company’s sites, young or old, should reset their passwords—whether or not Sanrio itself acknowledges the breach and requires that reset.

Vickery says that the leaked passwords were encrypted with SHA-1 hashing, but not “salted” with random data, an additional step to strengthen that encryption. Anyone who reused the same password between one of the breached sites and other websites should also be careful to change those other sites’ passwords, too. Beyond the risk of a compromised HelloKitty.com account, the Sanrio and Vtech breaches both serve as reminders that minors today can also be victimized by data breaches, particularly as their online footprints grow to match those of adults. It’s worth checking on the data security of your kids, too—as if guarding your own personal information weren’t vexing enough. 1Correction 12/21/2015 3:21pm EST: An earlier version of this story confused the games and community site Sanriotown.com with the e-commerce site Sanrio.com.

Here you can write a commentary on the recording "“Hello Kitty” hack exposes 3.3. million user accounts".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site