{"id":10916,"date":"2015-12-21T09:00:08","date_gmt":"2015-12-21T14:00:08","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=10916"},"modified":"2017-09-24T11:22:54","modified_gmt":"2017-09-24T15:22:54","slug":"hello-kitty-hacked","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/hello-kitty-hacked\/10916\/","title":{"rendered":"Hello Kitty Hacked, 3.3 million accounts compromised"},"content":{"rendered":"<p>With the Christmas season coming to a close, it seemed as if we were ready to wrap up the keyboard and get on with the whole jolliness and mirth of the season. Unfortunately the bad guys of the internet insured that we\u2019d have at least one more entry to warn you about before Saint Nicholas heads down your chimney.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023402\/hello-kitty-hacked-FB.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023402\/hello-kitty-hacked-FB.jpg\" alt=\"Hello Kitty Hacked, 3.3 million accounts compromised\" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-10922\"><\/a><\/p>\n<p>You see it looks like the naughty hackers are adding one more victim to the list that already included <a href=\"https:\/\/threatpost.com\/data-on-5-million-users-compromised-in-breach-at-toy-maker-vtech\/115495\/\" target=\"_blank\" rel=\"noopener nofollow\">VTech<\/a> and <a href=\"http:\/\/www.theguardian.com\/technology\/2015\/nov\/26\/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children\" target=\"_blank\" rel=\"noopener nofollow\">Hello Barbie<\/a>. The newest victim? Hello Kitty, or more precisely sanriotown.com. Sanriotown is the official online community for fans of Sanrio\u2019s roster of characters that include Hello Kitty, Bad Badtz-Maru, KeroKeroKeroppi and more.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">HELLO KITTY DATABASE LEAKED<br> <a href=\"https:\/\/t.co\/db6m1ulIon\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/db6m1ulIon<\/a> <a href=\"https:\/\/t.co\/Us7TkcfrKA\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Us7TkcfrKA<\/a><\/p>\n<p>\u2014 SwiftOnSecurity (@SwiftOnSecurity) <a href=\"https:\/\/twitter.com\/SwiftOnSecurity\/status\/678600897505525760?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 20, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><a href=\"http:\/\/www.csoonline.com\/article\/3017171\/security\/database-leak-exposes-3-3-million-hello-kitty-fans.html\" target=\"_blank\" rel=\"noopener nofollow\">According to Salted Hash<\/a>, researcher Chris Vickery discovered the data breach (which occurred as early as November, 22) exposed birthdays, first &amp; last name, email address, gender and country of origin along with password questions and answers.<\/p>\n<p>Unlike many breaches, what makes this more troubling is that many of the accounts are believed to be of children which could mean that the data stolen will not become visible for years as many parents do not monitor the credit of their bouncing bundles of joy.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023405\/Hello-Kitty-1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023405\/Hello-Kitty-1.png\" alt=\"Hello Kitty Hacked, 3.3 million accounts compromised\" width=\"2002\" height=\"1200\" class=\"aligncenter size-full wp-image-10918\"><\/a><\/p>\n<p>As of the writing of this post, Sanrio does not have an official statement on their site in regards to the breach, instead they have cut and pasted a snippet from a Gizmodo article outlining Vickery\u2019s discovery along with the fact that the breach was indeed troubling.<\/p>\n<p>And the big question is: \u201cNow what?\u201d<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023407\/Hello-Kitty-2-.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2015\/12\/06023407\/Hello-Kitty-2-.png\" alt=\"Hello Kitty Hacked, 3.3 million accounts compromised\" width=\"1476\" height=\"1028\" class=\"aligncenter size-full wp-image-10917\"><\/a><\/p>\n<p>Unfortunately, like all hacks no one can be sure as to what extent the data will be used or sold. Given the fact that this site is primarily for kids, you have to get a bit more pissed off.<\/p>\n<p>Instead of yelling to the sky or banging on a keyboard, we\u2019d like to call this a wake-up call for parents and how they look at data security on the web not only for themselves, but also for their kids. The biggest thing is to really be in control as to what data of children is being shared online and with whom. The tips given <a href=\"https:\/\/www.kaspersky.com.au\/blog\/vtech-toys-hacked\/10697\/\" target=\"_blank\" rel=\"noopener\">in this post in regards to the VTech hack<\/a> still hold true and are worth re-reading for parents and grandparents.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/parents?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#parents<\/a> Data on 5 Million Users Compromised in Breach at Toy Maker VTech: <a href=\"https:\/\/t.co\/iahrhCdiBp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/iahrhCdiBp<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"https:\/\/t.co\/pxZ4k8PJez\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/pxZ4k8PJez<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/671397751477899264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 30, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>We would also suggest that you change ALL passwords and security questions if you have a Sanriotown account and re-use the same passwords for some other services. Given that the breach outlines security questions and answers, there is no telling how far the data exposed can reach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With Christmas less than a week away, it seems fitting that Hello Kitty is latest site geared at kids that has been hacked.<\/p>\n","protected":false},"author":636,"featured_media":10921,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,9],"tags":[314,189,899,1345,1346,187],"class_list":{"0":"post-10916","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-tips","9":"tag-data-breach","10":"tag-data-security","11":"tag-hack","12":"tag-hello-kitty","13":"tag-parenting-tips","14":"tag-passwords"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hello-kitty-hacked\/10916\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hello-kitty-hacked\/6442\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hello-kitty-hacked\/6538\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hello-kitty-hacked\/6483\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hello-kitty-hacked\/7403\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hello-kitty-hacked\/7118\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hello-kitty-hacked\/10285\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hello-kitty-hacked\/10916\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hello-kitty-hacked\/6640\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hello-kitty-hacked\/9925\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/hello-kitty-hacked\/10285\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hello-kitty-hacked\/10916\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/data-breach\/","name":"data breach"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/636"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=10916"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10916\/revisions"}],"predecessor-version":[{"id":17945,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/10916\/revisions\/17945"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/10921"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=10916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=10916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=10916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}