Millions of Hello Kitty fans have their data exposed online
If you’re a lover of Hello Kitty, My Melody, and (my favourite) Keroppi the frog, then you might want to rub the cuteness out of your eyes, and wake up to the real world of information security.
Fresh on the heels of revealing that 13 million MacKeeper customers had had their sensitive account details left lying around on a publicly accessible database, researcher Chris Vickery has discovered a database containing the details of some 3.3 million users of the Sanrio Town online community.
Sanrio, of course, is the Japanese company that for decades has looked after the multitude of products that bear the Hello Kitty and Friends cartoon brands.
As CSO reports, Vickery discovered the database dump containing a wealth of information about members:
The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.
Vickery also noted that accounts registered through the fan portals of the following websites were also impacted by this leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.
The security breach comes shortly after electronic learning toy manufacturer VTech was hacked, revealing the personal details of millions of families and their children.
Understandably there will be concern that not only has Sanrio’s database been exposed, but also that it may contain the personal information of children.
Therefore, it is especially important that steps are taken to limit the potential impact of the security breach.
Although users’ passwords appear to have been hashed, there remains the potential for hackers to crack them – especially if weak passwords were chosen.
Therefore, the first step is to ensure that the password you or your children are using on Sanrio’s websites is not being reused on any other online account. After all, if a hacker has managed to access the Hello Kitty database, you wouldn’t want those details to be used in an attempt to break into other accounts – such as your webmail or banking sites.
If you do find that passwords are being reused, change them immediately – for a password that is hard to crack and impossible to guess. It’s the twenty-first century, stop choosing passwords like it’s 1987.
As a rule you shouldn’t ever reuse your passwords. If you – quite understandably – find it hard to remember unique and complex passwords for each website you access, invest in a decent password management tool.
In addition, where websites give you the option of using two-factor authentication (2FA) for an additional layer of security, be sure to enable it. Yes, 2FA can be a minor pain, but it is a lot less of a hardship than trying to recover a hacked account.
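Why the unsalted SHA-1 password hashes mentioned above give weak protection, shown as an added example (not code from Sanrio, CSO or the original article): without a salt, every account with the same password stores the same hash, while a per-user salt and a slow key-derivation function remove that link. The account names, passwords and PBKDF2 iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def unsalted_sha1(password: str) -> str:
    """Weak scheme: one fast hash, no salt (as in the exposed records)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def accounts_sharing_a_hash(stored: Dict[str, str]) -> List[List[str]]:
    """Group accounts whose stored value is identical."""
    groups: Dict[str, List[str]] = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts; two of them reuse the same password.
SAMPLE = {"alice": "keroppi1987", "bob": "keroppi1987", "carol": "Tq7#vd-long-unique"}

def compare_schemes() -> Tuple[List[List[str]], List[List[str]]]:
    """Return the groups of identical stored values under each scheme."""
    weak = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    strong = {u: b"".join(hash_password(p)).hex() for u, p in SAMPLE.items()}
    return accounts_sharing_a_hash(weak), accounts_sharing_a_hash(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = compare_schemes()
    print("unsalted SHA-1, accounts with identical hashes:", weak_groups)
    print("salted PBKDF2, accounts with identical hashes:", strong_groups)
```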