The database of the official online community for Hello Kitty and other Sanrio characters, the sanriotown.com, has suffered a data breach. The researcher Chris Vickery has discovered online a database exposing 3.3 million accounts belonging to Hello Kitty fans.
According to Vickery not only the primary database sanriotown.com was affected, the fan portals of the following websites were also impacted by the leak:
On Saturday evening, Vickery reported the discovery to Databreaches.net and Salted Hash.
The records exposed include first and last names, gender, encoded birthday (easily reversible), country, email addresses, SHA-1 hash passwords, password hint questions with corresponding answers, and other information.
The expert also discovered two additional backup servers containing mirrored data, then he notified the data leak to both Sanrio and the ISP being used to host the database.
This incident is raising great concern in the IT security industry because one again personal information of children are exposed online.
The recent VTech data breach exposed 11.6 million people, and 6.4 million of them were children.
The identity theft of a child is even more insidious because crooks could abuse of the stolen data for years.
Every time I receive news of a data breach I suggest affected users to the change password for all the websites that share the same login credentials.
The same suggestion is valid for users that share the same hint question and answer across different websites.
(Security Affairs – Hello Kitty, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.