Hello Kitty is a Internet’s cutest new confidence threat.
Parents are on warning after 3.3 million user certification for a website sanriotown.com were found in an online database. SanrioTown, a central website for Hello Kitty and other Sanrio fondle brands, is a renouned end for children. Now these users’ names, genders, birthdays, and cue retrieval questions are accessible online.
Hackers began storing SanrioTown user information in an online database, with copies on during slightest dual backup servers as early as November, confidence researcher Chris Vickery found. Userdata from a associated Sanrio sites hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com were also enclosed in a leak.
The databases enclosed users’ full names, birthdays, genders, nationalities, email addresses, and cue retrieval questions.
The database also enclosed passwords, that were saved as “unsalted SHA-1 cue hashes,” an encryption form that stores passwords as array of scrambled letters and numbers. While these encrypted passwords competence seem presumably secure, they are fabricated regulating a same key. Users with a same passwords will be represented by a same array of scrambled letters, permitting hackers to build databases of common passwords and mangle into accounts.
Children, who are expected to use SanrioTown and doubtful to deposit many bid into hack-resistant passwords, are quite receptive to this kind of attack.
The databases did not enclose credit label information, nonetheless SanrioTown accepts credit cards for online purchases and donations. But entrance to one cue can lead hackers to users’ profiles on other sites.
Approximately 55 percent of adults use a same cue for many of their online profiles, a 2013 study by a U.K.-based communications watchdog found. Salted Hash, a bonds blog that initial reported a SanrioTown leak, is advising users to change their passwords and confidence questions on other websites, generally on online banking sites and amicable media platforms that enclose personal information.
Hello Kitty is not a initial fondle to be hacked this year.
The likewise named Hello Barbie is also underneath scrutiny, after hackers suggested that a creepy, WiFi-enabled doll was a confidence nightmare. Hello Barbie annals and stores children’s voices, and speaks to children formed on their prior conversations. The small blonde doll is always listening, uploading information around unprotected internal WiFi networks.
Weak confidence and immature users could make Hello Barbie a child predator’s favorite toy, dual relatives have claimed in a lawsuit opposite Barbie-manufacturer Mattel.
“It’s interactive, so if someone hacks into a server they could technically take over and ask questions like ‘Where do we live?’ or ‘Is anybody home?’” counsel Michael Kelly told The Daily Beast this month. “You’re not traffic with efficient adults, you’re traffic with unprotected small kids.”
An conflict on fondle manufacturer VTech in Nov unprotected even some-more users’ information, leaking photos, discuss logs, and personal information for scarcely 5 million relatives and children. A 21-year-old U.K. male acquired user information from VTech’s Kid Connect program, an app that allows children on VTech tablets to promulgate with their parents’ smartphones.
“I can get a pointless Kid Connect account, demeanour by a dump, couple them to their round of friends, and a primogenitor who purebred during Learning Lodge [VTech’s app store],” a hacker, who does not devise to tell a leak, told Motherboard. “I have a personal information of a primogenitor and a form pictures, emails, [Kid Connect] passwords, nicknames…of everybody in their Kid Connect contacts list.”
News of SanrioTown’s penetrate was expelled on Saturday, though a association usually released a open matter on Monday. “The purported confidence crack of a SanrioTown site is now underneath investigation,” Sanrio told The Daily Beast. “Information will be done accessible once confirmed.”
In lieu of a warning to users, SanrioTown’s latest Facebook post is a animation sketch of soft, pastel bunnies in baker’s hats.
“Life is all about holding risks,” a post tells SanrioTown’s 1.4 million Facebook followers, any of whom competence have unknowingly unprotected their information to hackers. “If we never take risks, afterwards you’ll never know what you’re able of.”