Hello Kitty user accounts have been breached revealing the details of 3.3 million users. Hello Kitty is a cartoon character invented by Japanese company
Sanrio. SanrioTown, is an online community for fans of Hello Kitty, predominantly female children. The leaked data includes first names, last names, birthdays, genders and email addresses of SanrioTown users. The vulnerability was first recognized by security blog “Salted Hash”.
The breach was facilitated through a flaw in the hashing approach utilized by the SanrioTown site. Hashing transforms characters into shorter values that represent the original characters. The attacker, who was arrested in Berkshire, United Kingdom last week, was able to exploit the vulnerability to access the revealed data. Alongside SanrioTown, hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com were also impacted by the attack.
The Sanrio hack comes in the wake of the VTech which occurred in November 2015. Both attacks revealed data related to children. Sanrio Security experts urge parents to ensure their children’s passwords are updated, especially if the same passwords used to access the SanrioTown site are the same passwords used on other sites.
Were your children impacted by the Sanrio hack? Let us know the details. Add your comments below.
