Latest News

Happy 43rd Birthday, Hello Kitty!

Hello Kitty is turning 43 but it sure doesn't show, and she's giving away tons of gifts!

Enjoy $15 worth of in game currency absolutely FREE for Hello Kitty Dream Cafe, Hello Kitty Food Town, Hello Kitty Food Town, and Hello Kitty Music Party!

More in-game promos and discount packages await you in these games, so don't miss out on Hello Kitty's Birthday Bonanza!

Happy birthday, Hello Kitty!

 

 

Hello Kitty Food Town Pre-Birthday Giveaway

Hello Kitty's 43d birthday is coming up soon and because she has a generous heart, she's giving away some goodies for everyone in Hello Kitty Food Town!

Once per day, you can collect 10 gems for FREE whenever you open the game. This promo ends on the 9th of November so collect them now!

Hello Kitty Food Town: http://bit.ly/HelloKittyFoodTown

Hello Kitty Food Town Pre-Birthday Giveaway

Hello Kitty's 43d birthday is coming up soon and because she has a generous heart, she's giving away some goodies for everyone in Hello Kitty Food Town!

Once per day, you can collect 10 gems for FREE whenever you open the game. This promo ends on the 9th of November so collect them now!

Hello Kitty Food Town: http://bit.ly/HelloKittyFoodTown

Update to security advisory from December 22, 2015

January 14, 2017

Sanrio Digital

 

 

Update to security advisory from December 22, 2015

 

Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft. Please note that this is an update about the 2015 incident, and not an existing vulnerability.

 

On December 22, 2015, Sanrio Digital issued a security advisory stating that personal information belonging to members of the consumer website SanrioTown.com was made publicly accessible by a security vulnerability. The vulnerability was corrected and SanrioTown users were notified of the problem (see:  http://sanriodigital.com/story/security-advisory).

 

At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.

 

These stolen data do notinclude credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1.

 

Membership data of SanrioTown are notshared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected.

 

Starting on December 22, 2015, SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. Media were also notified.

 

 

Detailed Information of the 2015 data breach

1.    Personal user information stolen:

 

First and last name

Birthday (encoded)

Gender

Country

Email address

Password (encrypted using SHA-1 hashes)

Password hint questions

 

2.    Number of users affected

 

Potentially 3,345,168 SanrioTown accounts as reported by Steve Ragan, based on information provided by LeakedSource.

 

3.    Circumstances

 

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to people actively seeking it.

 

4.    Response

 

The vulnerability was corrected and SanrioTown users were notified starting on December 22, 2015. Sanrio Digital advised SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.

 

5.    Preventive measures

 

Sanrio Digital installed additional security mechanisms on SanrioTown servers and instituted additional periodic security reviews.

 

6.    Contact

 

General inquiries:

Please contact Sanrio Digital at info@sanriodigital.com

 

Media inquiries only:

Mark Leeper (on behalf of Sanrio Digital)

Matrix Communications Limited

email: mark@matrixcom.org

Tel: +852 9142-1510

Update to security advisory from December 22, 2015

January 14, 2017

Sanrio Digital

 

 

Update to security advisory from December 22, 2015

 

Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft. Please note that this is an update about the 2015 incident, and not an existing vulnerability.

 

On December 22, 2015, Sanrio Digital issued a security advisory stating that personal information belonging to members of the consumer website SanrioTown.com was made publicly accessible by a security vulnerability. The vulnerability was corrected and SanrioTown users were notified of the problem (see:  http://sanriodigital.com/story/security-advisory).

 

At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.

 

These stolen data do notinclude credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1.

 

Membership data of SanrioTown are notshared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected.

 

Starting on December 22, 2015, SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. Media were also notified.

 

 

Detailed Information of the 2015 data breach

1.    Personal user information stolen:

 

First and last name

Birthday (encoded)

Gender

Country

Email address

Password (encrypted using SHA-1 hashes)

Password hint questions

 

2.    Number of users affected

 

Potentially 3,345,168 SanrioTown accounts as reported by Steve Ragan, based on information provided by LeakedSource.

 

3.    Circumstances

 

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to people actively seeking it.

 

4.    Response

 

The vulnerability was corrected and SanrioTown users were notified starting on December 22, 2015. Sanrio Digital advised SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.

 

5.    Preventive measures

 

Sanrio Digital installed additional security mechanisms on SanrioTown servers and instituted additional periodic security reviews.

 

6.    Contact

 

General inquiries:

Please contact Sanrio Digital at info@sanriodigital.com

 

Media inquiries only:

Mark Leeper (on behalf of Sanrio Digital)

Matrix Communications Limited

email: mark@matrixcom.org

Tel: +852 9142-1510

Powered by Drupal | Site developed by PantaRei Design | 2010