Hello Kitty, Bye Bye Data: 3.3 million users at risk after SanrioTown breach

Is nothing sacred? The answer, it seems, is no. Not even Hello Kitty. A database containing the details of 3.3 million accounts from SanrioTown.com, the official online community for Sanrio and Hello Kitty fans, has been discovered online.

Hello Kitty, Bye Bye Data: 3.3 million users at risk after SanrioTown breach

“The database contains everything an enterprising data thief could possibly ask for.”

According to the report over at Salted Hash, the database contains users’ full names, birth date, gender, country of origin, email addresses, password hint questions and their corresponding answers, as well unsalted SHA-1 password hashes. Basically, everything an enterprising data thief could possibly ask for.

The discovery was made by security researcher Chris Vickery. But this isn’t the first time he’s found exposed databases just waiting to be looted. In recent weeks, Vickery and others have brought to light a vast amount of exposed data – there are tens of thousands of databases at risk. One recent high-profile case revealed by Vickery saw MacKeepers database of 13 million customers – all 21 gigabytes of it – left exposed.

These databases have one thing in common: they’re all exposed via the Shodan search engine, a tool that allows users to search for specific types of computers attached to the internet, such as servers, routers, or even more esoteric devices such as home heating systems, security systems and traffic lights.

The founder of Shodan, John Matherly, recently discovered no less than 35,000 publicly accessible databases – all using MongoDB database software – which collectively exposed 684.8 terabytes of data.

In his blog, Matherly makes clear that this issue isn’t unique to MongoDB, but is instead largely due to user error. In fact, the newer versions of MongoDB close the potential security hole by default, but apparently users are actively changing the default configuration to one that is less secure.

“I can’t stress enough that this problem is not unique to MongoDB: Redis, CouchDB, Cassandra and Riak are equally impacted by these sorts of misconfigurations.”

Oops. Well, unsurprisingly, it turns out that Hello Kitty is much, much better at being cute than securing database servers.

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

Todays Highlights
How to See Google Search History
how to download photos from google photos