SanrioTown security breach puts Hello Kitty fans' private information at risk from hackers

Personal details like names and email addresses of users were leaked in the security breach

Doug Bolton
Monday 21 December 2015 06:52 EST
Comments
Hello Kitty accepts the honour of being named one-day stationmaster of the Keio Tama-Center Station in west Tokyo in 2014
Hello Kitty accepts the honour of being named one-day stationmaster of the Keio Tama-Center Station in west Tokyo in 2014 (YOSHIKAZU TSUNO/AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A large data breach at Sanrio Town, the official online community for fans of Japanese cartoon character Hello Kitty, has resulted in the leak of the private information of around 3.3 million users, it has been reported.

Weeks after hackers broke into a secure database at children's toy company VTech, gaining access to the personal details and even pictures of potentially millions of children, the apparent Sanrio Town breach has resulted in the publication of the names, birth dates, genders, email addresses and countries of origin of millions of users.

The breach was discovered by security researcher Chris Vickery, who alerted the Salted Hash security blog about the issue over the weekend.

As well as Sanrio Town, which takes its name from the company that owns the rights to the Hello Kitty brand, some accounts on a number of other portal sites related to the website were reportedly leaked.

According to Salted Hash, the earliest known date of publication for the private information was 22 November this year.

Sanrio and the internet service provider used to host the leaked database of details have been notified, but it is not yet clear if the database, and two other cloned versions of it, have been removed from the web.

Hello Kitty, and many of Sanrio's other cute characters, are loved by children the world over - so there is a concern that the private details of children could have been leaked.

The passwords of users were 'hashed', making them difficult to find out - however, determined hackers could potentially break this encryption enough to accurately guess the passwords.

Password hints and their corresponding answers seem to have been leaked too, providing hackers with another method to discover the passwords.

Similarly, the birthdays of users were encoded - but Salted Hash noted that this security measure could easily be navigated.

While the security issue is still ongoing, SanrioTown users would do well to change their passwords on other websites, if those passwords are the same they use on Sanrio Town.

Similarly, password hints and answers should be changed if they are the same on Sanrio Town and other sensitive websites, such as email services or online banking.

Sanrio has not yet publicly commented on the allegations of a data leak.

The Independent has contacted Sanrio for a comment, this article will be updated when they respond.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in