Is nothing sacred? The answer, it seems, is no. Not even Hello Kitty. A database containing the details of 3.3 million accounts from SanrioTown.com, the official online community for Sanrio and Hello Kitty fans, has been discovered online.
“The database contains everything an enterprising data thief could possibly ask for.”
According to the report over at Salted Hash, the database contains users’ full names, birth date, gender, country of origin, email addresses, password hint questions and their corresponding answers, as well unsalted SHA-1 password hashes. Basically, everything an enterprising data thief could possibly ask for.
The discovery was made by security researcher Chris Vickery. But this isn’t the first time he’s found exposed databases just waiting to be looted. In recent weeks, Vickery and others have brought to light a vast amount of exposed data – there are tens of thousands of databases at risk. One recent high-profile case revealed by Vickery saw MacKeeper‘s database of 13 million customers – all 21 gigabytes of it – left exposed.
These databases have one thing in common: they’re all exposed via the Shodan search engine, a tool that allows users to search for specific types of computers attached to the internet, such as servers, routers, or even more esoteric devices such as home heating systems, security systems and traffic lights.
The founder of Shodan, John Matherly, recently discovered no less than 35,000 publicly accessible databases – all using MongoDB database software – which collectively exposed 684.8 terabytes of data.
In his blog, Matherly makes clear that this issue isn’t unique to MongoDB, but is instead largely due to user error. In fact, the newer versions of MongoDB close the potential security hole by default, but apparently users are actively changing the default configuration to one that is less secure.
“I can’t stress enough that this problem is not unique to MongoDB: Redis, CouchDB, Cassandra and Riak are equally impacted by these sorts of misconfigurations.”
Oops. Well, unsurprisingly, it turns out that Hello Kitty is much, much better at being cute than securing database servers.
Related Posts
How to Find and Unfollow Instagram Users Who Don’t Follow You Back
How to Transfer Data from an iPhone to a Samsung Phone
How to Download Historical Data from Yahoo Finance
How to Recover Deleted App Data on iPad
How to Recover Deleted App Data on iPhone
How To Prevent an App From Using Data on an Android Device
How To Prevent an App Using Data on the iPhone
The Best Data Recovery Software
How to Fix Cellular Data Not Working on iPad
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
