Latest News

Update to security advisory from December 22, 2015

January 14, 2017

Sanrio Digital

 

 

Update to security advisory from December 22, 2015

 

Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft. Please note that this is an update about the 2015 incident, and not an existing vulnerability.

 

On December 22, 2015, Sanrio Digital issued a security advisory stating that personal information belonging to members of the consumer website SanrioTown.com was made publicly accessible by a security vulnerability. The vulnerability was corrected and SanrioTown users were notified of the problem (see:  http://sanriodigital.com/story/security-advisory).

 

At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.

 

These stolen data do notinclude credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1.

 

Membership data of SanrioTown are notshared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected.

 

Starting on December 22, 2015, SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. Media were also notified.

 

 

Detailed Information of the 2015 data breach

1.    Personal user information stolen:

 

First and last name

Birthday (encoded)

Gender

Country

Email address

Password (encrypted using SHA-1 hashes)

Password hint questions

 

2.    Number of users affected

 

Potentially 3,345,168 SanrioTown accounts as reported by Steve Ragan, based on information provided by LeakedSource.

 

3.    Circumstances

 

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to people actively seeking it.

 

4.    Response

 

The vulnerability was corrected and SanrioTown users were notified starting on December 22, 2015. Sanrio Digital advised SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.

 

5.    Preventive measures

 

Sanrio Digital installed additional security mechanisms on SanrioTown servers and instituted additional periodic security reviews.

 

6.    Contact

 

General inquiries:

Please contact Sanrio Digital at info@sanriodigital.com

 

Media inquiries only:

Mark Leeper (on behalf of Sanrio Digital)

Matrix Communications Limited

email: mark@matrixcom.org

Tel: +852 9142-1510

Update to security advisory from December 22, 2015

January 14, 2017

Sanrio Digital

 

 

Update to security advisory from December 22, 2015

 

Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft. Please note that this is an update about the 2015 incident, and not an existing vulnerability.

 

On December 22, 2015, Sanrio Digital issued a security advisory stating that personal information belonging to members of the consumer website SanrioTown.com was made publicly accessible by a security vulnerability. The vulnerability was corrected and SanrioTown users were notified of the problem (see:  http://sanriodigital.com/story/security-advisory).

 

At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.

 

These stolen data do notinclude credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1.

 

Membership data of SanrioTown are notshared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected.

 

Starting on December 22, 2015, SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. Media were also notified.

 

 

Detailed Information of the 2015 data breach

1.    Personal user information stolen:

 

First and last name

Birthday (encoded)

Gender

Country

Email address

Password (encrypted using SHA-1 hashes)

Password hint questions

 

2.    Number of users affected

 

Potentially 3,345,168 SanrioTown accounts as reported by Steve Ragan, based on information provided by LeakedSource.

 

3.    Circumstances

 

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to people actively seeking it.

 

4.    Response

 

The vulnerability was corrected and SanrioTown users were notified starting on December 22, 2015. Sanrio Digital advised SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.

 

5.    Preventive measures

 

Sanrio Digital installed additional security mechanisms on SanrioTown servers and instituted additional periodic security reviews.

 

6.    Contact

 

General inquiries:

Please contact Sanrio Digital at info@sanriodigital.com

 

Media inquiries only:

Mark Leeper (on behalf of Sanrio Digital)

Matrix Communications Limited

email: mark@matrixcom.org

Tel: +852 9142-1510

Join Hello Kitty on her birthday bash in Hello Kitty Jewel Town!

Exciting news, townspeople: It's Hello Kitty's birthday, so Jewel Town has lots of new things in store for everyone!

 

  • In-game packages will be Buy One, Get One, FREE from the 26th of Oct. to the 15th of Nov.
  • Introducing Town Scene mode, where you can view a panorama of the entire town!
  • Create your home beside 6 of your favorite Sanrio characaters and peek into their homes with the all-new Neighbor mode!
  • Collect 11 colorful new birthday-themed furniture from the Gashapon!
  • 10 challenging and exciting new stages to play! • Look adorable like Hello Kitty with cute NEW bow ribbon stickers!
  • New 3-Star Achievement system to test your mastery! More rewards and more replayability!

Watch: https://youtu.be/45AW9aDWElg

Don't be late to the party! Grab the latest update now and join all your neighbors in the celebrations! Happy Birthday, Hello Kitty!

Hello Kitty Cafe available on KurioTabletUSA's Xtreme 2!

Summer fun alert!

Hey, everyone! You can now play Hello Kitty Cafe on @KurioTabletUSA's Xtreme 2, the durable android designed for kids, without having to download the app!

Have tons of kitty-rrific fun on this amazing kid-friendly tablet! Check it out: http://bit.ly/1sOWnzr

Celebrate the Lunar New Year with Hello Kitty!

Happy Lunar New Year, everyone!
 
 
 
Hello Kitty is spreading joy and prosperity this fabulous Lunar New Year! To celebrate the wondrous Year of the Monkey, Hello Kitty is giving away 200 Kitty Points in Hello Kitty Cafe (Android version) from February 5 to 11, 2016! Launch the game to get your free Kitty Points!
 
 All the best for an auspicious and prosperous New Year!

Powered by Drupal | Site developed by PantaRei Design | 2010