Database Leak Exposes 3.3 Million Hello Kitty Fans (csoonline.com)

← Back to Stories (view on slashdot.org)

Database Leak Exposes 3.3 Million Hello Kitty Fans (csoonline.com)

Posted by samzenpus on Sunday December 20, 2015 @01:15PM from the herding-kitties dept.

itwbennett writes: "A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery," writes CSO's Steve Ragan, who was contacted about the leak Saturday evening. The database houses 3.3 million accounts containing records including first and last names, email addresses, unsalted SHA-1 password hashes, password hint questions and their corresponding answers, along with other information. The database also has ties to a number of other Hello Kitty portals.

8 of 92 comments (clear)

Min score:

Reason:

Sort:

Super Happy Security Breach Error Get! by carlhaagen · 2015-12-20 13:25 · Score: 5, Funny

=(^.^)= Kawaiiiii!
Less shocking than Hello Kitty not being a cat by buchner.johannes · 2015-12-20 13:36 · Score: 3, Interesting

This is the first leak I have seen where the password hint questions are leaked too. Will be interesting to see how users in the real world link passwords and password hints, and if algorithms can be developed to uncover 99% of all passwords/answers from password hints -- I presume many password hints contain the answer or substantial parts of it (e.g. "pass + 123" = "pass123").

--
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Re:The question is by Anonymous Coward · 2015-12-20 13:39 · Score: 5, Funny

What website is there with security that can't be penetrated?

I pen-tested a website for a celibacy group and didn't find any holes.
Slashdotters live in terror... by 93+Escort+Wagon · 2015-12-20 13:59 · Score: 3, Funny

... that their secret may now come out. Oh, well, it could be worse - it could've been a My Little Ponies site.

--
#DeleteChrome
1. Re:Slashdotters live in terror... by R3d+M3rcury · 2015-12-20 14:14 · Score: 5, Funny
  
  I was just going to say, hackers will be taking a page out of Ashley Madison:
  "If you don't want your friends to know of your 'Hello Kitty' purchases, transfer $10,000 to this account in the Bahamas..."
I have a great idea! by Anonymous Coward · 2015-12-20 14:08 · Score: 5, Insightful

Step 1. Lay off the sysadmin, the DBA, the network admin, and the developer
Step 2. Hire a "full stack developer" and pay him one below-market salary to do 4 peoples' jobs at once
Step 3. ???
Step 4: PROFIT!!!
Re:The question is by TWX · 2015-12-20 14:44 · Score: 4, Funny

What website is there with security that can't be penetrated?
I pen-tested a website for a celibacy group and didn't find any holes.
Funny that, I penetration-tested a celibacy group and ultimately the group lost all of its membership...

--
Do not look into laser with remaining eye.
Could someone expose the Slashdot user database ? by LordHighExecutioner · 2015-12-20 23:11 · Score: 3, Funny

I am so curious to learn who is behind the user name "Anonymous Coward". He is such a prolific, sleepless contributor...