2 min read

Millions of Hello Kitty fans have their data exposed online

Graham CLULEY

December 21, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Millions of Hello Kitty fans have their data exposed online

If you’re a lover of Hello Kitty, My Melody, and (my favourite) Keroppi the frog then you might want to rub the cuteness out of your eyes, and wake up to the real world of information security.

Fresh on the heels of revealing that 13 million MacKeeper customers had had their sensitive account details left lying around on a publicly accessible database, researcher Chris Vickery had discovered a database containing the details of some 3.3 million users of the Sanrio Town online community.

Sanrio, of course, is the Japanese company that for decades has been looks after the multitude of products that bear the Hello Kitty and Friends cartoon brands.

As CSO reports, Vickery discovered the database dumb containing a wealth of information about members:

The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.

Vickery also noted that accounts registered through the fan portals of the following websites were also impacted by this leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.

The security breach comes shortly after electronic learning toy manufacturer VTech was hacked, revealing the personal details of millions of families and their children.

Understandably there will be concern that not only has Sanrio’s database been exposed, but also that it may contain the personal information of children.

Therefore, it is especially important that steps are taken to limit the potential impact of the security breach.

Although users’ passwords appear to have been hashed, there remains the potential for hackers to crack them – especially if weak passwords were chosen.

Therefore, the first step is to ensure that the password you or your children are using on Sanrio’s websites is not being reused on any other online account. After all, if a hacker has managed to access the Hello Kitty database, you wouldn’t want those details to be used in an attempt to break into other accounts – such as your webmail or banking sites.

If you do find that passwords are being reused, change them immediately – for a password that is hard to crack and impossible to guess. It’s the twenty-first century, stop choosing passwords like it’s 1987.

As a rule you shouldn’t ever reuse your passwords. If you – quite understandably – find it hard to remember unique and complex passwords for each website you access, invest in a decent password management tool.

In addition, where websites give you the option of using two-factor authentication (2FA) for an additional layer of security, be sure to enable it. Yes, 2FA can be a minor pain, but it is a lot less of a hardship than trying to recover a hacked account.

tags


Author



Right now

Top posts

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read
What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer?

What Is a VPN, How Does It Protect Me, and What Cool Perks Does it Offer?

September 23, 2021

2 min read
Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Tesla reverses "Full self-driving" beta update after sudden braking reports Tesla reverses "Full self-driving" beta update after sudden braking reports
Graham CLULEY

October 27, 2021

2 min read
Ukrainian Police Arrest Underground Darknet Group Laundering Cryptocurrency for Hackers Ukrainian Police Arrest Underground Darknet Group Laundering Cryptocurrency for Hackers
Silviu STAHIE

October 26, 2021

1 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
Filip TRUȚĂ

October 26, 2021

3 min read