Sanrio Digital fixed a security vulnerability on December twenty second two thousand fifteen. This security hole could have affected their SanrioTown.com members. This security flaw left personal information accessible to public outside sources.
This vulnerability has been fixed and this company is performing investigations. They are not aware that any personal information was taken or any member accounts compromised.
Chris Vickery, a security researcher claimed on December nineteen two thousand fifteen that personal information like names, date of birth, gender, were publicly available. SanrioTown.com members data was accessible potentially to people that knew specific internet protocal addresses of servers with this vulnerability. Sanrio Digital claims that payment information including credit card numbers was not accessible.
SanrioTown.com members passwords were accessible but encrypted with Secure Hash Algorithm one function. Also, Sanrio Digital claims that their other websites data was not vulnerable and seperate from this security flaw. Fixes were applied and those vulnerable servers were secured once again.
An internal investigation is currently being performed into this security hole. Personal member information that may have been accessible to public users:
* Both first and last name
* Date of birth
* Personal email address
* Password encrypted with Secure Hash Algorithm
* Password hint questions
Around three million three hundred thousand member account data was potentially publicly accessible. Sanrio Digital claims this vulnerability was caused by server misconfiguration. They recommend SanrioTown.com members change their passwords.
Sanrio Digital claims they installed additional security measures. You can read Sanrio Digital’s official security advisory. Also, you can contact them at firstname.lastname@example.org.