VPN Articles and News

3.3 Million Hello Kitty Accounts Compromised

By
Monday, April 25th, 2016


SanrioTown, the official online community for Hello Kitty fans, has suffered a major security breach. As per the recent media reports, account details of more than 3.3 million SanrioTown users were compromised in a hacking attack. The hackers not only breached the security of SanrioTown.com website but also of several other Hello Kitty sites like hellokitty.com, mymelody.com, hellokitty.in.th, hellokitty.com.my and hellokitty.com.sg. The breach is likely to affect from users from all over the world since Hello Kitty is a popular cultural figure across the globe.

The hack was discovered by security expert Chris Vickery who spotted a database of more than 3.3 million accounts online. As per Chris, the database included full names, email addresses, gender, encrypted passwords, location, encoded date of births as well as password reset questions and their answers. Although there is no clarity over how and when the information was leaked online, the database did not include financial information such as credit card numbers or IP addresses of the users. Chris also revealed that although the passwords were encrypted with SHA-1 hashing, they were not “salted” which could have enhanced their encryption.

The SanrioTown database hack is yet another instance of minors’ data getting leaked online. The security breach comes soon after toymaker VTech’s database was hacked in the month of November. The VTech breach exposed data of 5 million adults and more than 6 million kids. What’s worse, the breach even leaked photos of kids that were captured through the toys designed by the company. Since SanrioTown has over 180,000 minors as members, it can be safely said that the hack has affected a large number of kids and teens.

If you are a SanrioTown or HelloKitty user then you are advised to change your password immediately. Since Sanrio did not use enhanced encryption to protect passwords, resetting the password is the best option in the current scenario. Also, since the password reset information was hacked along with other details, you must change that information for SanrioTown and HelloKitty websites as well. Security experts have also asked users to change their security credentials on other websites if the details used on HelloKitty websites were shared across multiple sites.

After the news of the security breach came to light, Sanrio investigated the hack and fixed the security loophole. While the company has admitted that some of its servers had security vulnerabilities which could have allowed attackers to steal personal information, it also clarified that personal information of users was never stolen and all the financial information was secure. However, Chris disputed this claim and said that he himself accessed the information through three different IP addresses. He also claimed that Sanrio could have discovered the security loophole easily just by having robust security policies in place.

The theft of over 3.3 million Hello Kitty user accounts is yet another instance when hackers have managed to beat the security defenses of large companies. The incidence also shows that personal information of minors is especially at risk since they don’t know how to deal with such situations. If you or your kids are affected by the Hello Kitty breach, you are advised to take corrective action immediately.


April 25, 2016
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


2 + 4 =