Data of 3.3 million Hello Kitty fans online after server hack
The sanriotown.com database has appeared online, revealing the account details of 3.3 million users of the site. Sanriotown is the community site for Hello Kitty enthusiasts, which is probably why many accounts belong to children.
The database, which was put online by hackers, contains names, dates of birth, gender, country of origin and email addresses. The SHA-1 password hashes, which are not salted, have also been exposed, along with the password hints and their respective answers.
Sanrio is the Japanese company behind Hello Kitty and other characters of the franchise, and sanriotown is the official community site. In addition, other Hello Kitty portals used the same database, including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in, and mymelody.com. Two database mirrors are also accessible. It is not known how long the information has been online; the oldest date that can be traced is November 22, 2015. Security researcher Chris Vickery discovered the hack and informed CSO about it.
Sanrio and the hosting provider have been notified of the hack, but have not yet responded. Details about how the hackers managed to penetrate the database are not known, but according to Databreaches, it was a MongoDB database. Earlier this year, experts warned that many MongoDB servers were not configured properly, and in March a serious vulnerability was discovered in the software’s phpMoAdmin tool. The newly discovered hack follows that of toy manufacturer VTech, which involved a total of 11 million accounts, including 6.4 million belonging to children.