2 min read

Millions of Hello Kitty fans have their data exposed online

Graham CLULEY

December 21, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Millions of Hello Kitty fans have their data exposed online

If you’re a lover of Hello Kitty, My Melody, and (my favourite) Keroppi the frog then you might want to rub the cuteness out of your eyes, and wake up to the real world of information security.

Fresh on the heels of revealing that 13 million MacKeeper customers had had their sensitive account details left lying around on a publicly accessible database, researcher Chris Vickery had discovered a database containing the details of some 3.3 million users of the Sanrio Town online community.

Sanrio, of course, is the Japanese company that for decades has been looks after the multitude of products that bear the Hello Kitty and Friends cartoon brands.

As CSO reports, Vickery discovered the database dumb containing a wealth of information about members:

The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.

Vickery also noted that accounts registered through the fan portals of the following websites were also impacted by this leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.

The security breach comes shortly after electronic learning toy manufacturer VTech was hacked, revealing the personal details of millions of families and their children.

Understandably there will be concern that not only has Sanrio’s database been exposed, but also that it may contain the personal information of children.

Therefore, it is especially important that steps are taken to limit the potential impact of the security breach.

Although users’ passwords appear to have been hashed, there remains the potential for hackers to crack them – especially if weak passwords were chosen.

Therefore, the first step is to ensure that the password you or your children are using on Sanrio’s websites is not being reused on any other online account. After all, if a hacker has managed to access the Hello Kitty database, you wouldn’t want those details to be used in an attempt to break into other accounts – such as your webmail or banking sites.

If you do find that passwords are being reused, change them immediately – for a password that is hard to crack and impossible to guess. It’s the twenty-first century, stop choosing passwords like it’s 1987.

As a rule you shouldn’t ever reuse your passwords. If you – quite understandably – find it hard to remember unique and complex passwords for each website you access, invest in a decent password management tool.

In addition, where websites give you the option of using two-factor authentication (2FA) for an additional layer of security, be sure to enable it. Yes, 2FA can be a minor pain, but it is a lot less of a hardship than trying to recover a hacked account.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Common Credentials Criminals Use in IoT Dictionary Attacks Revealed Common Credentials Criminals Use in IoT Dictionary Attacks Revealed
Silviu STAHIE

November 30, 2021

3 min read
Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown
Filip TRUȚĂ

November 29, 2021

2 min read
Social media firms will be forced to unmask online trolls, says Australia Social media firms will be forced to unmask online trolls, says Australia
Graham CLULEY

November 29, 2021

2 min read