Over the course of this year, data privacy has become even more a growing concern with quite a lot of high profile hacks occurring. You might remember Ashley Madison, a dating site for married people, where 32 million accounts were leaked, or perhaps T-Mobile where the information of 15 million customers got stolen. Today, yet another website was added to the list of victims, as the database of Sanriotown was breached and leaked online.
While the name "Sanriotown" might not ring a bell for most of us, it might say more for children, as Sanrio is the Japanese company behind figures like Hello Kitty. The Sanriotown website is its official community website, which shares its database with other websites like hellokitty.com and several other localized versions of this website. Because of this, it"s likely that most of the victims of the hack are children.
The information that has been leaked online contains the names, the passwords, dates of birth, gender, countries and e-mail addresses of the users. In addition, the database also contains security questions and answers. Because of this, it"s advised that if you (or your child) have an account on these sites, that you change your password and security questions immediately, as well as on all the sites that you have used these on.
While the passwords were encrypted in the database, the (SHA-1) algorithm used is outdated, and since no salts were used, these passwords are easily hacked.
This hack is already the second big database breach this month for childrens" websites, as earlier the database of VTech was also compromised.
Source: CSO