
Database Leak Exposes 3.3 Million Hello Kitty Fans (csoonline.com) 92

itwbennett writes: "A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery," writes CSO's Steve Ragan, who was contacted about the leak Saturday evening. The database houses 3.3 million accounts containing records including first and last names, email addresses, unsalted SHA-1 password hashes, password hint questions and their corresponding answers, along with other information. The database also has ties to a number of other Hello Kitty portals.
  • by carlhaagen ( 1021273 ) on Sunday December 20, 2015 @09:25PM (#51156373)
    =(^.^)= Kawaiiiii!
    • Re: (Score:2, Funny)

      by Anonymous Coward

      This is horrible! I'd rather have my Grindr account exposed! Oy! Whatta meesa sayin'?

    • Re: (Score:1, Flamebait)

      by Tablizer ( 95088 )

      Now they can get a life and go out to eat at "Super Lucky Happy Golden Family Noodle House".

      • by Tablizer ( 95088 )

        What's with the zero mod? Is this considered racist? I don't get it. Explanation desired, please.

        Note that Hello Kitty is Japanese, while my joke mostly pokes fun at Chinese restaurant names. (I don't know if and how much Japanese restaurants borrow from that.) But I'm sure US restaurant names have patterns that can be poked fun of also. Mimi's, Arbie's, Charlie's, etc. for example.

        The person I replied to also poked fun at Chinese naming tendencies, but they didn't get mod-slammed.

  • by phantomfive ( 622387 ) on Sunday December 20, 2015 @09:34PM (#51156405) Journal
    What website is there with security that can't be penetrated?
    Don't consider things online to be safe.
  • Can Has Hashtags.
  • by buchner.johannes ( 1139593 ) on Sunday December 20, 2015 @09:36PM (#51156415) Homepage Journal

    This is the first leak I have seen where the password hint questions are leaked too. Will be interesting to see how users in the real world link passwords and password hints, and if algorithms can be developed to uncover 99% of all passwords/answers from password hints -- I presume many password hints contain the answer or substantial parts of it (e.g. "pass + 123" = "pass123").

    • by Anonymous Coward

      Fun little trick, always pick the hint questions as presented until you've chosen the required amount. Now generate an equal number of random words that you can remember. Those are now your answers in order, and unlike 99% of the password hint questions you can't find the answer with 5 minutes of Google (e.g. mother's maiden name, high school attended, first pet, etc).

      • by ls671 ( 1122017 )

        favorite travel destination: school
        first pet name: computing
        mother maiden name: hacking
        etc..

    • by Anonymous Coward

      I always found this "password hint" thing a huge security hole, sacrificing the bit of security there is in a user-chosen password for the benefit of the "service" provider.

      For me, the simple password is (for unimportant things) always the result of "pwgen -n 8". My favorite's pet name is the result of "pwgen -n 16", which I write down if my account is in some way important to me (highly unlikely for one having a password hint) -- or which I forget right away.

      Lost the password? lost the account. Helps me ke

    • by KGIII ( 973947 )

      Can't they hash and salt all of that - including the actual security questions and allow you to make your own hint/questions? It's not like those are called all that frequently so it shouldn't add a bunch of overhead, should it? And, if so, why the hell are we still not doing that?
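
An added sketch (not part of the thread and not Sanrio's code) of the storage the comment above asks about, set beside the unsalted SHA-1 scheme named in the summary: answers are normalized, then stored with a per-record salt and PBKDF2. The function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def unsalted_sha1(secret: str) -> str:
    """Scheme named in the summary: equal inputs give equal digests everywhere."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest()


def normalize_answer(answer: str) -> str:
    """Fold Unicode form, case and whitespace so ' Fluffy' matches 'fluffy'."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split())


def protect(secret: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Build a storable record: random per-record salt plus a slow digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def verify(secret: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        secret.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same pet name.
    print(unsalted_sha1("fluffy") == unsalted_sha1("fluffy"))  # one lookup covers both
    alice = protect(normalize_answer("Fluffy"))
    bob = protect(normalize_answer("fluffy "))
    print(alice["digest"] == bob["digest"])  # salts differ, so digests differ
    print(verify(normalize_answer(" FLUFFY"), alice))
```

The slow hash runs only at enrollment and at account recovery, so its cost is paid rarely. Salting and stretching only slow offline guessing: an answer that can be looked up or guessed in a few tries stays weak, and the question text has to remain readable so it can be shown back to the user.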

  • "...unsalted SHA-1 password hashes..."

    Well, of course they're unsalted. Sodium is bad for Kitty.

    "...password hint questions and their corresponding answers..."

    Oh holy shit on a popsicle stick, I wonder how many of them aren't about cats...

  • Another reason not to buy the Hello Kitty microwave oven at Fry's Electronics.
  • by 93 Escort Wagon ( 326346 ) on Sunday December 20, 2015 @09:59PM (#51156481)

    ... that their secret may now come out. Oh, well, it could be worse - it could've been a My Little Ponies site.

    • by R3d M3rcury ( 871886 ) on Sunday December 20, 2015 @10:14PM (#51156531) Journal

      I was just going to say, hackers will be taking a page out of Ashley Madison:

      "If you don't want your friends to know of your 'Hello Kitty' purchases, transfer $10,000 to this account in the Bahamas..."

      • "If you don't want your friends to know of your 'Hello Kitty' purchases, transfer $10,000 to this account in the Bahamas..."

        Sorry, there was a language translation error for the original Japanese site. It should have read: Hello Pussy instead.

        It was actually Ashley Madison's VR "furry" site. Believe me, $10K to keep your name off that site would be cheap at TWICE the price. ;-)

        • I gotta admit, when I first saw the phrase, I thought it was a variation of Hello Nurse! [youtube.com]

          • by KGIII ( 973947 )

            I'm not clicking that link. I haven't got time for that right now. ;-) It's gotta be Animaniacs. I'm not big on TV but that was awesome and Pinky and the Brain was equally awesome. Yes, yes I did smoke a lot of weed back then.

      • You left out the account number. Please reply ASAP.

        Posting anon for obvious reasons.

        1. Sanrio finds sample emails of that sort and buys ads matching the right keywords
        2. Google serves them up to gmail users when that email is displayed
        3. End-user chooses whether to spend $10k to maybe keep their secret safe, or "Hello Kitty merch sale, just for leaked email addresses!"
        4. Profit!
    • Join the herd!
      On a side note I discovered the MLP show and community from /. comments!

    • by rossz ( 67331 )

      Nah. My Little Pony fanbros have no shame.

    • We have a hello kitty bathroom decor.
      Inherited it from girlfriend's daughter (it's her house).
      too many other things to spend money on first.

      but now the shame is too much to bear.

      going to Bed Bath & Beyond for an emergency bathroom make over.

      with a quick stop for some booze at liquor barn...
      you're supposed to redecorate bathrooms drunk, right?

      • "We have a hello kitty bathroom decor."

        This is what happens when you let big government control your data.

      • going to Bed Bath & Beyond for an emergency bathroom make over.

        If someone there happens to sell you a remote, you'll be able to stop that Hello Kitty bathroom from ever happening in the first place.

    • ... that their secret may now come out. Oh, well, it could be worse - it could've been a My Little Ponies site.

      No, I am a Keroppi fan, I swear!

      Wait, that's not much better, is it?

      ObDisclaimer: I bought crap for my own use at Sanrio well into my twenties. My twenties, alas, have well and truly receded

    • I wonder if all my "Bad Batz Baru" purchases will be revealed?
  • by Anonymous Coward on Sunday December 20, 2015 @10:08PM (#51156511)

    Step 1. Lay off the sysadmin, the DBA, the network admin, and the developer

    Step 2. Hire a "full stack developer" and pay him one below-market salary to do 4 people's jobs at once

    Step 3. ???

    Step 4: PROFIT!!!

    • Lay off the sysadmin, the DBA, the network admin, and the developer...Hire a "full stack developer" and pay him one below-market...

      It's difficult to convince many managers that prevention is worth it. They are probably lied to by vendors and past staff enough such that they only pay for clear-cut and immediate needs rather than hard-to-verify prevention.

      A lot of vendors and spinner employees claim crap like, "Oh, you need to purchase/build/install a Flux capacitor to prevent the thibble-bop from overloading

  • Goodbye Kitty

  • Everything happens to me.

    • by KGIII ( 973947 )

      The little missus has Hello Kitty panties and a couple of shirts and a hat. :/ It's already a little awkward going out in public with a g/f that's nearly 40 years my junior (oh, the stares the women give me - the men smile and nod knowingly) but it's a bit more awkward when she's wearing a Hello Kitty fuzzy hat or, now that we're down here, a shirt.

      Ah well... It could be worse. She could be wearing just the hat, shirt, and panties. I'm pretty sure that someone will just shoot me at that point. It is Florida

      • It's already a little awkward going out in public with a g/f that's nearly 40 years my junior

        Especially when you're only 48 years old.

        • by KGIII ( 973947 )

          Heh, we need the pedobear gif that says, "Too old!" I was having an email chat with another /.er and we've concluded that the old ladies hate it and the old men are envious. I imagine that means nothing good can come of it. The Hello Kitty panties were kind of odd for me at first. I wasn't quite sure how to take it but I've adapted just fine. ;-)

          As an aside: Man, Florida is lovely this time of year. It was in the 70s and there were a few small showers. It's dark in Maine and probably about 32 f. at home but

  • by Anonymous Coward

    Quick Lil'Joe...to the Pentagon!

  • Maybe you lucked out from the Ashley Madison fiasco, but if your name is on this list, exposure may cost you more than you know.
  • Why do people sign up for every website they come across?

    This is a website about some Japanese cat for crying out loud.

    Why do people sign up for something like this? I guess it's the same people who sign up for safeway cards, starbucks cards and other discount cards.

    I just don't get it.

    You go into the store, you buy the shit you want and you leave. Just leave it at that for crying out loud. What's wrong with these people?

    • Belonging is important. Saving money, aka spending fewer dollars on stuff you would not buy at full price, is as euphoric as drugs.

      So many other reasons. Give it some thought and come back. I'm sure you can come up with one or two more.

      You are in the minority, and it would serve you well to understand a bit about "these people".

      • Belonging is important.

        Maybe to you - but not to me.

        it would serve you well to understand a bit about "these people".

        No! I will not lower myself to that level.

        You are in the minority

        Thank you! And I am proud of that fact!

      • Belonging is important.

        You have pointed out one of civilization's biggest problems - besides a few others.

        People are afraid.

        People are afraid of being alone; afraid of not fitting in; afraid of making decisions for themselves by themselves.

        Which is the main reason for "social media" and "amazon reviews", etc.

        • To be fair though, nearly all the recent mass shootings were done by despondent loners. I prefer my people buying useless crap and hanging out on Rule 34 than gunning down innocents.
    • by BBF_BBF ( 812493 )

      Why do people sign up for every website they come across?

      This is a website about some Japanese cat for crying out loud.

      Why do people sign up for something like this? I guess it's the same people who sign up for safeway cards, starbucks cards and other discount cards.

      I just don't get it.

      You go into the store, you buy the shit you want and you leave. Just leave it at that for crying out loud. What's wrong with these people?

      Yeah, why oh why do people sign up for a site like slashdot, especially when one could do it anonymously?

      This is a website about "news for geeks" for crying out loud.

      Why would MadMaverick9 sign up for something like this? I guess it's the same people who sign up for engadget, arstechnical and reddit.

      I just don't get it.

      You go to the site and read the articles and leave. Just leave it at that for crying out loud. What's wrong with MadMaverick9?

      • When the mod system came in and AC comments were modded down it was time to sign up. Then when I forgot the password and had the account linked to a previous work address I signed up again. What's your excuse :)

        The thing that will suck the most here is a pile of those users will have the same passwords out there on something else.
        Script kiddies with Hello Kitty Rainbow Tables - if someone had taken that to an SF editor a while ago it would have been thrown out as too silly and too far fetched - but now i
    • You had me until Starbucks cards; as a stored value card they are great. The account also has value in being able to pre order your drinks. Everything is relative, but whatever.

  • Bad Badtz Maru...
  • It would probably be more damaging to one's career - certainly as a hard talking politician - to be found on the Hello Kitty fan club's name list, than any revelations about drug taking, sexual deviancy or Communist sympathies. Any chance that there were names of top terrorists among them?

  • now the poor cat has to go back to her day job. [youtube.com]

  • by LordHighExecutioner ( 4245243 ) on Monday December 21, 2015 @07:11AM (#51157611)
    I am so curious to learn who is behind the user name "Anonymous Coward". He is such a prolific, sleepless contributor...
  • I THINK, THEREFORE I'M CUTE

  • ...there [photobucket.com] is [ehost.pl] only [evilkipper.com] war. [blogspot.com]

  • Just imagine, all the possibilities, with this information.

    For fucks sakes how did this submission get accepted?
  • ... than being on the Ashley Madison list. The Hax0rs have gone too far this time!
