The online community for Hello Kitty, Badtz-Maru, My Melody and other Sanrio characters, was recently exposed online through database from SanrioTown, According to the reports, the database, which was discovered by researcher Chris Vickery, held 3.3 million accounts and included full names, birth dates, genders, countries of origin, email addresses, unsalted SHA-1 password hashes, and password hint questions and answers. The database included information on 186,261 people under the age of 18.
Users of hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com are also affected. Vickery said the data was
Hello Kitty Data Breach
n’t exposed by hackers, but via a misconfigured MongoDB installation.
“We are conducting an internal investigation and security review into this incident; at this time we have no indication that users’ personal information was stolen by malicious parties,” Sanrio said in a statement published on December 22, 2015.
All users are being requested to change their passwords.
“Given that many organizations have not adjusted their cyber security stance to take into account today’s multi-level attacks, the Hello Kitty breach highlights yet again that organizations should be focusing on making sure sensitive data remains protected – and leveraging strong encryption with access control is critical to achieving this,” Vormetric CSO Sol Cates told eSecurity Planet by email.
“This is yet another case of an organization that has failed to put in place these security controls,” Cates added. “Protecting data and passwords using ‘hashing’ techniques is simply not enough.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.