• June 2017
    M T W T F S S
    « Jan    
     1234
    567891011
    12131415161718
    19202122232425
    2627282930  

Hi everyone!

SanrioTown will undergo maintenance on Thursday, January 19, 2017, at 12:00 to 3:00 PM GMT+8. Please be advised that the website will be inaccessible during the maintenance. We apologize for the inconvenience!

January 14, 2017
Sanrio Digital

Sanrio Digital recently received evidence that a 2015 data breach of the SanrioTown web site involved some user data theft. Please note that this is an update about the 2015 incident, and not an existing vulnerability.

On December 22, 2015, Sanrio Digital issued a security advisory stating that personal information belonging to members of the consumer website SanrioTown.com was made publicly accessible by a security vulnerability. The vulnerability was corrected and SanrioTown users were notified of the problem (see:  http://sanriodigital.com/story/security-advisory).

At the time, we had no evidence of data theft, however we have now learned from reporter Steve Ragan of CSO Online that personal information of SanrioTown.com users was stolen during the 2015 data breach. According to Mr Ragan, a database containing information of 3,345,168 SanrioTown users has been circulating since the time of the incident. He received the sample records from LeakedSource containing information of 30 SanrioTown users. We have verified that these sample records appear to be real. We cannot, however, relate the source of such sample records to the 2015 data breach and we are unable to verify whether the database of LeakedSource contains information of 3,345,168 SanrioTown users stolen during the 2015 SanrioTown data breach.

These stolen data do not include credit card information or other payment information. Users’ passwords are encrypted with the cryptographic hash function SHA-1.

Membership data of SanrioTown are not shared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected.

Starting on December 22, 2015, SanrioTown and Sanrio Digital notified users about the incident, advising them to change their passwords. Media were also notified.

 Detailed Information of the 2015 data breach

1.    Personal user information stolen:

First and last name

Birthday (encoded)

Gender

Country

Email address

Password (encrypted using SHA-1 hashes)

Password hint questions

2.    Number of users affected

Potentially 3,345,168 SanrioTown accounts as reported by Steve Ragan, based on information provided by LeakedSource.

3.    Circumstances

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to people actively seeking it.

 4.    Response

The vulnerability was corrected and SanrioTown users were notified starting on December 22, 2015. Sanrio Digital advised SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.

5.    Preventive measures

Sanrio Digital installed additional security mechanisms on SanrioTown servers and instituted additional periodic security reviews.

6.    Contact

General inquiries:

Please contact Sanrio Digital at info@sanriodigital.com

Media inquiries only:

Mark Leeper (on behalf of Sanrio Digital)

Matrix Communications Limited

email: mark@matrixcom.org

Tel: +852 9142-1510

Hello, SanrioTown!

We’d just like to inform everyone that there will be an emergency maintenance today, September 6, 2016, starting 11 PM PDT (6 AM GMT). SanrioTown mail users may experience a delay in inbound mail deliveries.

We apologize for this inconvenience.

- The SanrioTown Team

Hello, SanrioTown!

We’d just like to inform everyone that there will be an emergency maintenance today, September 6, 2016, starting 11 PM PDT (6 AM GMT). SanrioTown mail users may experience a delay in inbound mail deliveries.

We apologize for this inconvenience.

- The SanrioTown Team

December 22, 2015
Sanrio Digital

Security Advisory: Corrected a vulnerability involving personal information of SanrioTown.com members 

Sanrio Digital notifies that personal information belonging to members of the consumer website SanrioTown.com was publicly accessible owing to a security vulnerability. The vulnerability has been corrected and investigations are underway. To our knowledge at this time, no personal information of SanrioTown.com users was stolen or exposed.

On December 19, it was revealed by security researcher Chris Vickery that personal information (such as names, date of birth, gender) belonging to SanrioTown.com members was accessible by someone who knew the IP addresses of specific vulnerable servers.

The vulnerable data did not include credit card information or other payment information. Users’ passwords were accessible but remained securely encrypted with the cryptographic hash function SHA-1.

Please note that membership data of SanrioTown is not shared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected by this security vulnerability.

We investigated the problem and applied fixes, including securing the servers identified as vulnerable by Mr Vickery.

We are conducting an internal investigation and security review into this incident; at this time we have no indication that users’ personal information was stolen by malicious parties.

We apologize deeply for any concern and inconvenience this incident may have caused.

Detailed Information
1. Personal user information that may have been accessible:

First and last name
Birthday (encoded)
Gender
Country
Email address
Password (encrypted using SHA-1 hashes)
Password hint questions

2. Number of people whose personal information may have been leaked

Up to 3.3 million website members were potentially affected by this security vulnerability, however we have no indication that any user data was actually exposed or utilized by malicious parties.

3. Circumstances

Owing to server misconfiguration, some personal information of SanrioTown.com members was visible to security researcher Mr Chris Vickery.

4. Response going forward

We are requesting SanrioTown users to change their passwords on SanrioTown as well as passwords on other online services and accounts if they used similar passwords or hint questions.。

5. Measures to prevent reocurrence

We installed additional security mechanisms on our servers. We will carry out periodic review of these security measures

6. Inquiries

General inquiries: Please contact Sanrio Digital at info@sanriodigital.com

Media inquiries only:
Mark Leeper (on behalf of Sanrio Digital)
Managing Director
Matrix Communications Limited
email: mark@matrixcom.org
Tel: +852 9142-1510

Pink Blog
Official FAQs of Sanriotown Blog
Fashion Blog
Director's Club
Privacy Policy | Terms of Use
©1976, 1988, 1989, 1990, 1993, 1996, 1998, 1999, 2001, 2002, 2007 SANRIO CO., LTD. All rights reserved.
All copyrights on this page are owned by their respective owners. Comments are owned by the Poster.
Sanriotown Official Site | Sanrio Digital |Powered by WordPress.