With the Christmas season coming to a close, it seemed as if we were ready to wrap up the keyboard and get on with the whole jolliness and mirth of the season. Unfortunately the bad guys of the internet insured that we’d have at least one more entry to warn you about before Saint Nicholas heads down your chimney.
You see it looks like the naughty hackers are adding one more victim to the list that already included VTech and Hello Barbie. The newest victim? Hello Kitty, or more precisely sanriotown.com. Sanriotown is the official online community for fans of Sanrio’s roster of characters that include Hello Kitty, Bad Badtz-Maru, KeroKeroKeroppi and more.
— SecuriTay (@SwiftOnSecurity) December 20, 2015
According to Salted Hash, researcher Chris Vickery discovered the data breach (which occurred as early as November, 22) exposed birthdays, first & last name, email address, gender and country of origin along with password questions and answers.
Unlike many breaches, what makes this more troubling is that many of the accounts are believed to be of children which could mean that the data stolen will not become visible for years as many parents do not monitor the credit of their bouncing bundles of joy.
As of the writing of this post, Sanrio does not have an official statement on their site in regards to the breach, instead they have cut and pasted a snippet from a Gizmodo article outlining Vickery’s discovery along with the fact that the breach was indeed troubling.
And the big question is: “Now what?”
Unfortunately, like all hacks no one can be sure as to what extent the data will be used or sold. Given the fact that this site is primarily for kids, you have to get a bit more pissed off.
Instead of yelling to the sky or banging on a keyboard, we’d like to call this a wake-up call for parents and how they look at data security on the web not only for themselves, but also for their kids. The biggest thing is to really be in control as to what data of children is being shared online and with whom. The tips given in this post in regards to the VTech hack still hold true and are worth re-reading for parents and grandparents.
— Kaspersky Lab (@kaspersky) November 30, 2015
We would also suggest that you change ALL passwords and security questions if you have a Sanriotown account and re-use the same passwords for some other services. Given that the breach outlines security questions and answers, there is no telling how far the data exposed can reach.