Over on Salted Hash, Steve Ragan reports on yet another MongoDB database leak uncovered by Chris Vickery. This one involves a database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters. As such, a lot of children’s information may be in the database.
The records exposed include first and last names, birthday (encoded, but easily reversible, Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.
Vickery also noted that accounts registered through the fan portals of the following websites were impacted by this leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.
Read more on Salted Hash.
This is the second time this year Sanrio has reportedly leaked data. In April, I reported on a shareholder information leak.
Update: Steve Ragan has provided an update after Sanrio confirmed to Salted Hash that the exposed Hello Kitty database contained information on 186,261 minors, or those under the age of 18.
“That’s the bad news,” Steve writes. “The good news is that, as mentioned yesterday, the leaked databases have been secured and the company’s investigation so far shows that Vickery was the only person to have accessed the data.”
Read more on Salted Hash.