Misconfigured database left SanrioTown user information openly accessible.
If you have a SanrioTown account, like this humble Hello Kitty-loving writer, you might want to change your passwords, especially if you use identical or similar passwords across other sites.
▼ And then have an ice cream cone, because that’s a lot of work!
According to an article on CSO, a computer security website, a database with 3.3 million SanrioTown accounts has leaked information online. The leak, which was discovered by security researcher Chris Vickery on the 19, was reported to Sanrio, their ISP hosting the database, and various security websites last week. The database apparently revealed the full names, birthdays, gender, country of origin, email address, password hashes, password hints and answers, and more to anyone who accessed it.
▼ Fortunately, it not did include information about your smartwatch wallpaper.
Though the passwords were encrypted, it was done so using SHA-1, which some have said is potentially quite weak (several browsers have announced that they will no longer accept SHA-1 in coming years). Fortunately, according to an update on CSO, the leak has been secured.
Obviously, Sanrio and its characters like Hello Kitty and My Melody are hugely popular with people of all ages around the world, which means many of the compromised accounts belong to children. If you have kids with SanrioTown accounts, you may want to consider getting a free credit report for them to ensure their personal information hasn’t been stolen or used nefariously.
As for the cause of the leak, it seems that this wasn’t actually a hack by Hello Kitty haters or the North Korean army, but rather a misconfigured database. Sanrio hasn’t stated the cause of the misconfiguration, though they released a statement (pictured above) upon fixing the problem indicating that they have implemented additional security “mechanisms” and that they will perform regular reviews in the future. Sanrio also stated that they do not believe any information was stolen.
This isn’t the first leak Sanrio has experienced this year, so hopefully they’ll have fewer problems next year. Maybe they should have Hello Kitty study computer science for her next job!