icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
21 Dec, 2015 18:51

Personal details of 3.3m Hello Kitty users exposed online

Personal details of 3.3m Hello Kitty users exposed online

The personal data of up to 3.3 million users of several Hello Kitty websites has been exposed in a database breach.

Researcher Chris Vickery discovered the details of 3.3 million accounts associated with sanriotown.com over the weekend, which is the official web portal for Hello Kitty and other characters owned by parent company Sanrio. The site offers fans access to forums, mini-games, videos, blogs and other Hello Kitty content.

Details included in the records, which were first known to have been published on November 22, 2015, are the first and last names, email addresses, home countries and the sexes of users, as well password hints and their corresponding answers. Unsalted SHA-1 password hashes, which are easily reversed to allow access to original passwords, were also uncovered.

Read More: ‘Pretty easy’: 200,000+ kids’ photos, names grabbed by hacker from ‘negligent’ company

Hello Kitty is a brand popular around the world among both children and adults. A number of websites associated with the brand are affected by the leak: hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com. Two servers containing mirrors of this data were also discovered.

After discovering the database of information, Vickery passed on the details to technology website CSO and DataBreaches.net.

As accounts set up by children are likely to be involved in the leak, a journalist with CSO, Steve Regan, has described the leak as being "worse" than if it had just been adults affected.

"If someone managed to compromise a child's identity, the fraud might not be detected for years, because most parents don't monitor their child's credit record," Regan stated.

Podcasts
0:00
22:18
0:00
25:29