Categories: Security

3.3 Million User Details Stolen From Hello Kitty Website

Details on 3.3 million users of SanrioTown, Sanrio’s official website for Hello Kitty and other characters, have been leaked online following what appears to be a breach of the website’s database, according to a security researcher.

Sanrio’s products are popular with children, meaning it is likely children’s details are included in the database, although Sanrio did not immediately respond to a request to confirm this.

Personal data

Chris Vickery contacted industry journal CSO regarding the breach late on Saturday and also reported the breach to Databreaches.net, the journal reported.

The records include names, birth dates, gender, country of origin, email address, lightly protected passwords, and password hint questions and answers, according to Vickery.

He said the passwords were stored as hashes using SHA-1 encryption, which is considered relatively easy to reverse. The hashes didn’t include “salts” of random data, a way of improving protection, Vickery said.

The inclusion of password recovery data means the passwords should be considered as compromised, according to security experts, who advised users to reset their passwords and to change passwords that might have been reused on other sites.

The database also included the details of users who registered on a number of other Sanrio websites, including hellokitty.com and mymelody.com.

Investigation

Sanrio said it is looking into the incident.

“The alleged security breach of the SanrioTown site is currently under investigation,” the company said in a statement. “Information will be made available once confirmed.”

SanrioTown is operated by Hong Kong-based Sanrio Digital and hosts games and community forums related to Sanrio products.

The breach follows that of toy maker Vtech less than a month ago, which leaked 11 million users’ data, including that of nearly 6.4 million children.

Such data can be used in identity theft, according to industry observers.

Earlier this year Sanrio confirmed a database leak that exposed information on more than 6,000 of its shareholders.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

22 hours ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

23 hours ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

2 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

2 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

2 days ago