A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery. The database houses 3.3 million accounts and has ties to a number of other Hello Kitty portals. Security experts from MIRACL, Tripwire, Lieberman Software and ESET, discuss the issue.
[su_note note_color=”#ffffcc” text_color=”#00000″]Brian Spector, CEO of MIRACL :
“If you think you may have been affected, change your passwords for this site, and if you reuse the same password on multiple sites including this affected one, change all of them immediately.
Businesses should strive to use authentication technologies that eliminate the risk of username / password database breaches.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Jonathan Sander, VP of Product Strategy at Lieberman Software:
“If your child’s account got caught up in the Hello Kitty breach, it’s a good opportunity to teach them a security lesson early. No one should use the same username (or email) and password combination for multiple websites. When you do, a breach on one means you’re compromised on all.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire:
“Every time you enter information into a field on a web page and click submit, that data is transmitted and stored, and could be exposed at some point in the future. Your identity is valuable, and the pieces of it that an organization collects are worth stealing.
We don’t yet know whether this data was exposed through negligence, malicious activity, or some other means. It’s like seeing an abandoned car crash on the side of the road; something bad clearly happened, but what it was remains a mystery.
With an appropriate response, Sanrio is unlikely to experience significant damage from this incident. Companies that plan for a breach, and design a response ahead of time, can mitigate the most serious possible impacts and reduce the cost of the breach.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Specialist at IT Security Firm ESET:
“Data breaches are becoming more and more common these days but it’s always more of a concern when the information is likely to contain details about minors, not that anyone’s data is more or less important than anyone else’s of course, but the concern is the data could have a higher success rate at being used to further the intentions of bad people. As adults we get inundated with emails to click here or sign up here and most thankfully end up in the recycle bin but children are a lot more susceptible to that email that reads “Click here – for that new in game item” or new website that promises to give them something they don’t already have but NEED to own. The fact that our children are getting their own email addresses and having access to a lot more online devices younger and younger poses a real threat when this type of data is found in the ethers of shady servers or websites.
We need to ensure more than ever that we educate our children on the importance of engaging us and seeking help and guidance when dealing with emails, explaining and even showing them the dangers of clicking email links or heading off to the latest “must see” website. Explaining that it may be the reason for slow devices or even not being able to use them while they are cleaned or even reinstalled might help get the facts across. Ensuring all devices are kept up to date and making sure a good internet security product is installed where possible will help combat any later attempts at using this data for purposes of malware infection, make sure you are very wary of any company asking for more info or to validate details that have already been submitted.
Companies need to understand that all data has a value especially information about minors, I know it’s easy to state that an adult MUST help you sign up and a minimum age is required to use your services but when has that ever stopped someone? Yes, we are responsible for our children, but you are also responsible for doing as much as you possibly can to protect that data if you’re going to request and store it electronically.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.