[Warning] Are you registered on the sanriotown.com site? => READ THIS

Discussion in 'Miscellaneous' started by ShelLuser, Dec 21, 2015.

  1. Hi gang,

    For the record: I know this has been in the news already but because EMC also has lots of younger players I think it's important to share this here as well. To that end this thread will be bumped a few times (even though I hate doing that). Also: to be very honest with you guys I wouldn't be surprised if this news turns out to be fake. I'm having some serious doubts about the news source(s), but even so it's best to be safe than sore.

    HelloKitty websites hacked!

    HelloKitty is a Japanese animated character which has a strong online internet community. Most notable websites are hellokitty.com (official website) and sanriotown.com. Sanrio is the company behind Hello Kitty and other animated characters.

    A security researcher has found a user database online which is said to contain around 3,3 million user accounts from Hello Kitty website users. Both previously mentioned websites are said to have been compromised. At this point there has been no official reaction from Sanrio yet.

    You can read more about this on the security blog Salted Hash, here is the link to the article:


    What to do if your account is involved?

    Make absolutely sure that you didn't use the password you used anywhere else. If you did then change it on the other site(s) AS SOON AS POSSIBLE. What are you doing continue reading? You're supposed to do this RIGHT NOW!

    If you need help with this then the best thing to do is to ask your parents or any other family members. Trust me: this is really important enough. If for some reason you can't ask them then just ask your friends to help you out or ask here. And if you don't want anyone to know you registered on those websites then you're also perfectly free to send me a private message and I will try to help you out best as I can. And don't worry: I'm not the kind of player who would share info like that.

    The next step, obviously, is to change the passwords you used on those Hello Kitty websites.

    How to prevent this from happening?

    The best way to make sure that nothing too bad can happen is to always make sure that you use different passwords on different websites. A good way to help you with that are so called password managers. These are programs which allow you to store several passwords together, and secure the whole thing with your favorite password. Some of them will even provide some kind of integration with your web browser which should make it much easier to use. So you'd only need to remember one password while you'd still be using dozens of different ones.

    Here is a rough overview of some of the better password managers from 2015, as you can see there are also plenty of programs available free of charge as well:


    Personal note (mini rant):

    I am disgusted and appalled with reading news like this, news like this seriously pisses me off. You don't target children like that, you don't target people who don't (or can't) know any better. Even within the more, hmm, "shadey environments" there are some ethics people work by.

    For the record: I tried to obtain this database, and I also searched around several weird places (no comment). Which is one of the reasons why I have some doubts. Even so: this is important enough to share either way.

    607 and HannahEB like this.
  2. I mean I posted a PSA about 000webhost's breach, a much larger breach, and was told not to bump it because it's apparently irrelevant on EMC lol
    Salpai, Tigerstar, nltimv and 2 others like this.
  3. Neither is most of the stuff on the forums :p

    and oh no, I must change my Hello Kitty account passwords! How will I play Hello Kitty and San Rio Friends Racing now?!?! What a terrible day :(
  4. bruh u did not just make this
    HannahEB likes this.
  5. Either that or you bumped it too early of course ;)

    Well, that's obviously not the problem here. If people know your account name, password and e-mail address then they can try to use that combination on other places as well, possibly causing all kinds of mischief.


    And since the main target are children that makes them an even easier target. I can picture it now: "Mum, my online savings is gone". "Then you need to learn how to spend it more wisely dear!".
    607 likes this.
  6. I thought you was talking about HKRo from the title :p
    607, HannahEB, ShelLuser and 2 others like this.
  7. Quite a good point indeed. Hmm, lets see if we can make this more obvious.


    In the mean time an anonymous moderator helped me change the title (thanks again!). And thanks to you as well Builder!
  8. Really think this hashtag should be passed around EMC more, I think it would really send a good message to the younger players of EMC (9 - 13). #StaySafeOnline
    HannahEB and ShelLuser like this.
  9. What is this -> sanriotown.com I guess I dont have to change passwords. xD
  10. Hashtags have no use here though.
    607, Dektirok, Salmatic and 1 other person like this.
  11. What lol
    SoulPunisher likes this.
  12. There are some valid sources with this claim, the The Guardian and Gizmodo. But I gotta say, I don't see a need to make a post about it on emc, lol.
    ShelLuser and xHaro_Der like this.
  13. Mainly because perhaps someone uses the same password as on the two listed websites.
    ShelLuser likes this.
  14. Looks like the passwords were hashed with sha1 according to Gizmodo. This means that they don't actually have the password you used, just a hash of it which can't be easily reversed. They also have a lot of personal information from users which is the scarier part, and if you have a particularly weak password (short or using the personal information found) they could reverse it much faster. More important than changing your passwords is that you use a more powerful one so that in the case of a breach like this, your original password is much safer and you can simply change it on the affected site with little worry.

    For those still confused, they have a modified version of your password, not the actual password. Depending on how strong your password was, it could be incredibly time consuming and expensive for them to find the original. To best ensure your password safety, use strong passwords and use different ones on different sites (or at least different ones for more important sites)
    607 likes this.
  15. I stand corrected. Not going to discuss this in depth here because it's kind of offtopic (for this thread), but when I'm wrong I'm wrong. So yeah, you make a fair point Haro. I just read Aikar's post on the possible irrelevance for EMC with regards to that webhost breach.
    607 and xHaro_Der like this.