Up to 3.3 million Hello Kitty users have had their personal data exposed due to a database breach at the brand’s online community SanrioTown.com, a security researcher has discovered….The exposed records include users’ names, birthdates, gender, nationality, email addresses, unsalted SHA-1 password hashes, and password hint questions.
“While having sensitive details exposed is bad enough for adults, when the information relates to a child it’s far worse.
“If someone managed to compromise a child’s identity, the fraud might not be detected for years because most parents don’t monitor their child’s credit record,” noted Salted Hash writer Steve Ragan.
In addition to the primary Sanriotown database, two additional backup servers containing mirrored data were also compromised, it said.
The earliest known date of publication for the private information was 22 November this year
Sanrio, as well as the ISP being used to host the database itself, have all been notified, reported the site.
Earlier this month Toymaker VTech admitted that millions of kiddies’ online profiles were left exposed to hackers – much higher than the 220,000 first feared. ®
Best to keep toys that require “membership” on the no-go list. That includes the likes of Farcebook