InShortViral: The crisis of Sanrio, the company behind the brand Hello Kitty, have the data of 3.3 million users exposed
A toy producer had the data of its clients and many of children exposed through its app store, a month ago, because of a slot that was fortunately caught by a researcher who reported the disturbance to the company. Now is the crisis of Sanrio, the company behind the brand Hello Kitty, have the data of 3.3 million users exposed.
The company, a creator of the famous character mustaches and cat ears, Keeps the forum Hello Kitty Community on its official website. It is used to provide online support such as e-mail, blogs, and mini-games of Scorpio girl.
Hello Kitty hacked, 3.3 million accounts exposed
According to the researcher Chris Vickery Online CSO, who discovered the violation, a database containing user information online was discovered by an obvious violation.
The data presented include name, surname, date of birth (coded, but easily accessible), sex, country of origin of the registered person, e-mail addresses, cryptographic dispersion data SHA-1 relating to passwords, password hints and its answers, and other information that appear to be associate to the website. The worst part of this leak is the number of accounts that apparently belongs to children.
Information from other sites related to HelloKitty, as hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th and mymelody.com, were also discovered online. Users of pages received a notification to change their login information, especially if these data are the same for access to other services.
Chris Vickery the researcher said:
“The records exposed include first and last names, birthday (coded, but easily reversible), gender, country, email address, password hashes without SHA-1 forethought, password hint questions and their corresponding answers and other data that appear to be related to the site.”
Recently, there was a similar case. The Vtech company that makes toys connected to the Internet was the target of an attack resulting in data leakage 5 million parents and more than 200,000 children. The attackers even had access to pictures of several children in this case.