icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

Personal details of 3.3m Hello Kitty users exposed online

Personal details of 3.3m Hello Kitty users exposed online
The personal data of up to 3.3 million users of several Hello Kitty websites has been exposed in a database breach.

Researcher Chris Vickery discovered the details of 3.3 million accounts associated with sanriotown.com over the weekend, which is the official web portal for Hello Kitty and other characters owned by parent company Sanrio. The site offers fans access to forums, mini-games, videos, blogs and other Hello Kitty content.

Details included in the records, which were first known to have been published on November 22, 2015, are the first and last names, email addresses, home countries and the sexes of users, as well password hints and their corresponding answers. Unsalted SHA-1 password hashes, which are easily reversed to allow access to original passwords, were also uncovered.

Read More: ‘Pretty easy’: 200,000+ kids’ photos, names grabbed by hacker from ‘negligent’ company

Hello Kitty is a brand popular around the world among both children and adults. A number of websites associated with the brand are affected by the leak: hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com. Two servers containing mirrors of this data were also discovered.

After discovering the database of information, Vickery passed on the details to technology website CSO and DataBreaches.net.

As accounts set up by children are likely to be involved in the leak, a journalist with CSO, Steve Regan, has described the leak as being "worse" than if it had just been adults affected.

"If someone managed to compromise a child's identity, the fraud might not be detected for years, because most parents don't monitor their child's credit record," Regan stated.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.

Podcasts