Hello Kitty community website SanrioTown leaks over three million user accounts

3.3 million user accounts leaked by Hello Kitty website SanrioTown

Details on over three million Hello Kitty customers users have been leaked in the latest major hack to hit a consumer brand.

The leak occurred on a website called Sanriotown.com, an online community for the popular Japanese character Hello Kitty. In total 3.3 million user records have been leaked, according to Chris Vickery, the vulnerability hunter who discovered the much-publicised hack at VTech.

The exposed records include names, email addresses, passwords, birth dates and locations of those registered with the website. Sanrio Co. Ltd is a Japanese firm that designs, licenses and produces products based around pop-culture characters including Hello Kitty.

A number of other domains are also reportedly affected by the data leak, including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com.

Security news blog Salted Hash, which was contacted by Vickery following his discovery, reported that the leak was down to poor database security, and that two backup servers containing mirrored data were also found online. The earliest logged exposure of the data is 22 November.

Users of any of the affected websites are urged to change their passwords immediately. Any passwords used with other services, such as email and online banking, should now also be updated.

SanrioTown stated on its website that the firm routinely collects a range of details from users.

“Personally identifiable information includes your first and last name, year of birth, gender, country, occupation, annual income range, education, household size and alternative contact address,” reads the privacy policy.

“The second kind is non-personally identifiable information which includes your IP address, operating system, browser software, ISP, domain type and other numeric codes which identify a computer.”

V3 contacted Sanrio for comment, but had received no reply at the time of publication.

Emily Orton, director at UK security firm Darktrace, said the leak was yet another indication that firms must ensure adequate security when handling personal information.

“Companies like Sanrio need to urgently rethink the way that they protect their information and reputation.

“The status quo of security is not good enough anymore. We know that companies face continual threats. Now it is time to do something about it, and bolster internal monitoring systems that work to catch early signs of compromise.”

VTech admitted earlier this month that over one million UK parent and child records were compromised in an attack on its servers.

Up to 190GB of private images and a huge cache of personal chat logs between parents and children were among the data stolen. The data included five million customer records covering names, addresses and passwords, alongside roughly 200,000 personal details of children.

A 21-year-old man has since been arrested in relation to the VTech hack on suspicion of “unauthorised access to a computer to facilitate the commission of an offence” and “causing a computer to perform a function to secure/enable unauthorised access to a program/data”.

2015 has been a record year for cyber attacks and data breaches, including high-profile hits at JD Wetherspoon, Target and the US Office of Personnel Management.

If the article suppose to have a video or a photo gallery and it does not appear on your screen, please Click Here

21 December 2015 | 1:12 pm – Source: v3.co.uk


Leave a Reply

Your email address will not be published.