Hello Kitty accounts hacked, 3.3 million users have their details leaked online

midian182

Another day, another data breach. This time the victim is sanriotown.com, the official online community for Hello Kitty and other Sanrio characters. Information that includes first and last names, birth dates, countries of origin, gender, and email addresses for 3.3 million accounts – including many that belong to children – has been leaked online.

The information in the leaked database also comes from accounts registered at a number of other Hello Kitty sites, including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com.

According to CSO, researcher Chris Vickery discovered the breach. He found "first and last names, birthday [...], gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related."

Parents have been advised to change their children’s passwords immediately, as well as their own. And, as is always the case in these situations, to alter the passwords on any other sites they use that share the same login credentials.

Vickery found the leak on Saturday and has notified Sanrio, the owner of the Hello Kitty brand, about the breach. He also notified the ISP being used to host the database. Vickery has not said where he discovered the leaked data in order to reduce the risk of more people accessing it. So far, Sanrio has not commented on the hack.

The report says the data was first compromised on November 22, meaning the hackers have been in possession of the information for almost a month. In addition to changing passwords, it’s recommended that any adults with accounts on the compromised sites set up some kind of credit monitoring.

Sanrio becomes the second company that makes child-focused products to suffer a data breach in the last month. Children’s toy-maker VTech had information on five million customers, including passwords and IP addresses, stolen in November. UK police later arrested a 21-year-old man from Berkshire in connection with the hack.

Whoever owns this HK IP shoulda invested in a few vicious watchdogs instead because clearly whatever inadequate precautions they were taking didn't work.
"We take the security of our customers' data very, very, very, very, very, ultra seriously". Yeah?... Where have I heard that before?
 