After VTech's App for Kids, Hackers Breached Sanriotown.com; 3.3 Million Hello Kitty Accounts Leaked
More than 3 million personal data of Hello Kitty fans were compromised after a database for Sanriotown.com, which is the official website for all things Hello Kitty and some of the other Sanrio characters, was found online by security researcher and IT support specialist Chris Vickery and, apparently, it comes easily accessible.
Some of the personal information that may have been exposed include first and last names, birthday, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers and other data points that appear to be website related, according to a CSO Online report.
A couple of additional backup servers, which holds similar data were also found. Apart from the website sanriotown.com, Vickery also said that the effect of the breach also covers different fan portals on websites, such as hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com, wherein registered accounts are also compromised.
Vickery decided not to disclose the location of the data in order to keep the leak from spreading and after the leak was found Saturday, Sanrio and the ISP being used to host the database were immediately notified, wrote International Business Times. The screenshots of the data, IP information, DNS data, and other identifying markers were all withheld.
"The biggest worry about said leak is that there are likely a lot of accounts for kids across Hello Kitty's digital network. Parents are currently advised to check and see if their kids use the site," wrote PC Mag.
"If so, it's time to change their passwords-and it's important to change them to something that isn't already used on other sites, as to ensure their security (especially if Sanrio's servers get hit again)."
Just before the end of November, another massive consumer data breach was discovered online wherein around 5 million parents and more than 200,000 kids were also affected. The children's identities and exact whereabouts could be exposed in the breach of VTech's Learning Lodge app store, which is where VTech product owners can download apps, learning games, e-books and other educational content.
The customer database that was compromised contains numerous general user profile information, which includes name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history.
Other large consumer data incidents that made headlines this year include Ashley Madison involving more than 30 million accounts and Anthem, an American health insurance company, which lost about 80 million records to the data breach.