Last week, security researcher Chris Vickery discovered a database containing 3.3 million accounts from Sanriotown, a commercial Hello Kitty fansite operated by Sanrio, Hello Kitty's corporate owners.
The leak includes names, dates of birth, easily decrypted (unsalted) passwords, country of origin, email addresses and password hints. The leak includes accounts from several Sanriotown subsites, including hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com. It appears that Vickery was the only person who accessed this database (which was hosted on Sanrio's servers and accessible to anyone due to a configuration error) and he has notified Sanrio, who have corrected the configuration and closed off the database.
Sanrio itself leaked 6,000 shareholders' data earlier this year. Earlier this month, Hong Kong crapgadget kingpins Vtech leaked 4.3 million families' data.
As with Vtech, Sanrio had skipped some of the elementary steps in securing its users' data: neither company had "salted the hash" of the passwords they stored, a cheap and simple way to make leaked passwords nearly useless to attackers.
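What salting changes in a stored password table, as an added example that is not from the original article or from Sanrio's systems. The account names and passwords are constructed, and the algorithms (SHA-256 for the unsalted case, PBKDF2 with a per-user random salt for the salted case) are assumptions, since the page names none. Pairing the salt with a slow key-derivation function goes one step beyond what the text says.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not taken from any leaked database).
ACCOUNTS = [("kitty01", "hello123"), ("melody02", "hello123"),
            ("keroppi03", "pond-frog-77")]
ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_record(password):
    # Weak storage: a bare fast hash. Equal passwords give equal digests,
    # so one precomputed digest matches every account that uses that password.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    # Hardened storage: a random per-user salt fed into a slow KDF.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def accounts_sharing_a_digest(table):
    """Audit check: groups of usernames whose stored record is identical."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def build_tables():
    weak = {user: unsalted_record(pw) for user, pw in ACCOUNTS}
    strong = {user: salted_record(pw) for user, pw in ACCOUNTS}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, identical records:", accounts_sharing_a_digest(weak))
    print("salted, identical records:  ", accounts_sharing_a_digest(strong))
    salt, digest = strong["kitty01"]
    print("login still verifies:", verify("hello123", salt, digest))
```

Running the same audit function over a real credentials table is a quick way to spot unsalted storage: any group of accounts with an identical stored value means the salt is missing or shared.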
In an email to Salted Hash on Tuesday, Sanrio confirmed the exposed Hello Kitty database contained information on 186,261 minors, or those under the age of 18.
That's the bad news.
The good news is that, as mentioned yesterday, the leaked databases have been secured and the company's investigation so far shows that Vickery was the only person to have accessed the data.
Sanrio says the investigation is ongoing, so SanrioTown.com users are being encouraged to change their passwords, especially if they share those passwords with any other website. In addition the email says that it's "possible (but not yet certain) that maintenance conducted on November 20th resulted in the database becoming accessible."
Database leak exposes 3.3 million Hello Kitty fans
[Steve Ragan/Salted Hash]
(via Beyond the Beyond)