3.3 million people could be affected by a recent data breach of Hello Kitty fans’ information from the website SanrioTown.com. The data included usernames passwords hints, email addresses and other sensitive information like names, birth dates and more.
The breached data was publicly available, there was no actual hacking done to obtain this information. A security researcher, Chris Vickery, notified Sanrio about the hole in their database and it has since been patched. Sanrio has made a statement that there is no evidence that any data was actually stolen. Vickery has gone to the press about this because he believes companies too easily have the ‘Oh, it won’t happen to me’ mentality”. This may bring to mind the case of the grey-hat hacker, Andrew Auernheimer (weev), who found similar flaw that displayed personal information on AT&T iPad users on public URLs. Auernheimer was later brought up on charges for conspiracy to access a computer without authorization.
Another concern about this breach is whether or not children’s information was exposed.
“Sanrio said it doesn’t create accounts for children under 13. However, the leaked information, which came from users all over the world, appears to include accounts for those under age 18.” –CNET
Sanrio hosts popular children’s games such as Hello Kitty Online.