- Bill Mitchell, the Trump-loving QAnon scammer, is pushing ammunition for a civil war 4 Years Ago
- How to stream Tigres vs. Cruz Azul in the Leagues Cup final 4 Years Ago
- How to stream Bayern Munich vs. Belgrade Red Star in Champions League action 4 Years Ago
- HBO Max gains the streaming rights to ‘The Big Bang Theory’ 4 Years Ago
- Everyone hates this Russian rapper’s pro-Putin music video Today 10:34 AM
- Skull fire logs are here to make you look like a gleeful murderer Today 10:30 AM
- High school cheerleading team put on probation for waving Trump banner during a game Today 10:12 AM
- ‘Battlestar Galactica’ is getting a reboot from the creator of ‘Mr. Robot’ Today 9:17 AM
- Sean Spicer is already alleging judges are out to get him on DWTS Today 8:52 AM
- Netflix’s ‘Jupiter’s Legacy’ loses showrunner halfway through filming Today 7:36 AM
- ‘Disenchantment’ season 2 starts strong but falls into familiar trappings Today 7:00 AM
- Are Ben Shapiro fans organizing against his opponents on Twitter? Today 6:30 AM
- iPhone overloaded? Here’s how to cancel app subscriptions Monday 11:02 PM
- Fan-created ‘app’ lets users experience the final moments of the ill-fated Jeremy Renner app Monday 10:00 PM
- Milo Yiannopoulos receives lifetime ban from furry convention Monday 7:49 PM
Hello Kitty database hack exposes 3.3 million fans’ private info
Leaked data includes real names, birth dates, and passwords.
Last week, 31-year-old IT support specialist Christopher Vickery uncovered a major breach in a widely reviled utility tool for Apple computers. This week, he’s moved on to a different side of the Internet—Hello Kitty and its millions of fans.
Vickery reportedly provided evidence to security news site CSO Online that the personal data of 3.3 million Hello Kitty fans is not secure. Vickery claimed to have obtained the information from multiple databases on Sanrio’s Hello Kitty website. Among the data he was allegedly able to access were full names, birth dates, “unsalted” passwords, and answers to password recovery hints.
Vickery is a type of hacker sometimes known as a security researcher—the kind who looks for ways to exploit website or software security and alerts the public about any data breaches they might find. Vickery found databases pulling information from numerous Sanrio websites, including the U.S., Singaporean, Malaysian, and Thai versions of the main Hello Kitty website, as well as MyMelody.com. The data may have been exposed as early as Nov. 22.
CSO Online reported that Sanrio had been contacted about the breach, and encouraged parents and children who frequented the Hello Kitty website to make sure the password they used there wasn’t duplicated on other websites they access regularly.
Vickery did not immediately respond to a request for comment.
Aja Romano is a geek culture reporter and fandom expert. Their reporting at the Daily Dot covered everything from Harry Potter and anime to Tumblr and Gamergate. Romano joined Vox as a staff reporter in 2016.