Database Leak Exposes 3.3 Million Hello Kitty Fans

itwbennett writes: "A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery," writes CSO's Steve Ragan, who was contacted about the leak Saturday evening. The database houses 3.3 million accounts containing records including first and last names, email addresses, unsalted SHA-1 password hashes, password hint questions and their corresponding answers, along with other information. The database also has ties to a number of other Hello Kitty portals.

Less shocking than Hello Kitty not being a cat

[buchner.johannes]

This is the first leak I have seen where the password hint questions are leaked too. Will be interesting to see how users in the real world link passwords and password hints, and if algorithms can be developed to uncover 99% of all passwords/answers from password hints -- I presume many password hints contain the answer or substantial parts of it (e.g. "pass + 123" = "pass123").