2017考研趣味閱讀：Hello Kitty網站遭襲三百萬用戶資料外泄

考研吧來源：中國日報 2015-12-28　

Hello Kitty網站遭襲三百萬用戶資料外泄

Parents warned as Hello Kitty database leak exposes the details of 3.3million users

A database for Sanrio, the Japanese owner of the Hello Kitty brand, was breached, putting 3.3 million of its users' data at risk, according to security website CSOonline.com's report.

網絡安全信息網站CSOOnline.com的一份報告顯示，日本三麗鷗公司(Sanrio)某數據庫遭遇攻擊，導致330萬Hello Kitty品牌客戶的資料面臨風險。

The leaked data includes information such as users' full names, email addresses and encrypted passwords, the website reported, citing security researcher Chris Vickery.

報告指出，據網絡安全研究員克里斯·維克瑞稱，此次泄露的數據包括用戶全名、電子郵箱地址，以及加密密碼。

The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.

而這330萬個賬號的用戶姓名、生日、性別、國籍，以及電子郵箱都可能遭到曝光。

It is not clear if the exposed data contained any financial information.

此次泄露的數據中是否還包含客戶的財務信息，目前仍不得而知。

The passwords are 'lightly-protected' along with forgotten password questions and answers.

用戶密碼的保護機制似乎“并不嚴密”，僅有密碼重置問題與答案兩項。

The passwords themselves are “hashed”, a form of protection which renders it technically impossible to retrieve the original password.

不過，三麗鷗對用戶密碼采取了“哈希運算”，能保證初始密碼不會被完全破解。

However, the hashing technique used by SanrioTown leaves it easy for an attacker to uncover a significant proportion of the obscured passwords.

然而，即便采取了上述加密技術，黑客依舊能破譯很大一部分字符。

Sanrio, the owner of the brand, has not publicly responded to the allegations of an account leak.

截至目前，三麗鷗公司尚未對賬戶泄露事件作出公開回應。

As well as SanrioTown itself, accounts from a number of other Hello Kitty websites were also included in the leak: according to Salted Hash, those are hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. Two backup servers were also discovered online.

除了三麗鷗網站賬戶外，不少Hello Kitty衍生網站的賬戶信息也遭到泄露，包括hellokitty.com，hellokitty.com.sg，hellokitty.com.my，hellokitty.in.th和mymelody.com。另外，該公司的兩份備份資料也在網上被公之于眾。

This is the second major breach of an Asian toy company's database in as many months.

這已是數月來第二宗針對亞洲玩具公司數據庫的大規模網絡攻擊了。

Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber attack that compromised information about customers who access a portal for downloading children's games, books and other educational content.

另一家電子玩具制造商偉易達(VTech Holdings Ltd)稱，11月公司曾遭遇一輪網絡攻擊。顧客在登錄公司網站下載兒童游戲、書籍及教育材料后，個人信息會遭到泄露。

Vickery and Sanrio could not immediately be reached for comment.

目前，維克瑞與三麗鷗公司均未對此事作出回應。