Hello Kitty网站遭袭 三百万用户资料外泄

A database for Sanrio, the Japanese owner of the Hello Kitty brand, was breached, putting 3.3 million of its users' data at risk, according to security website CSOonline.com's report.

网络安全信息网站CSOOnline.com的一份报告显示，日本三丽鸥公司（Sanrio）某数据库遭遇攻击，导致330万Hello Kitty品牌客户的资料面临风险。

The leaked data includes information such as users' full names, email addresses and encrypted passwords, the website reported, citing security researcher Chris Vickery.

报告指出，据网络安全研究员克里斯·维克瑞称，此次泄露的数据包括用户全名、电子邮箱地址，以及加密密码。

The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.

而这330万个账号的用户姓名、生日、性别、国籍，以及电子邮箱都可能遭到曝光。

It is not clear if the exposed data contained any financial information.

此次泄露的数据中是否还包含客户的财务信息，目前仍不得而知。

The passwords are 'lightly-protected' along with forgotten password questions and answers.

用户密码的保护机制似乎“并不严密”，仅有密码重置问题与答案两项。

The passwords themselves are “hashed”, a form of protection which renders it technically impossible to retrieve the original password.

不过，三丽鸥对用户密码采取了“哈希运算”，能保证初始密码不会被完全破解。

However, the hashing technique used by SanrioTown leaves it easy for an attacker to uncover a significant proportion of the obscured passwords.

然而，即便采取了上述加密技术，黑客依旧能破译很大一部分字符。

Sanrio, the owner of the brand, has not publicly responded to the allegations of an account leak.

截至目前，三丽鸥公司尚未对账户泄露事件作出公开回应。

As well as SanrioTown itself, accounts from a number of other Hello Kitty websites were also included in the leak: according to Salted Hash, those are hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. Two backup servers were also discovered online.

除了三丽鸥网站账户外，不少Hello Kitty衍生网站的账户信息也遭到泄露，包括hellokitty.com，hellokitty.com.sg，hellokitty.com.my，hellokitty.in.th和mymelody.com。另外，该公司的两份备份资料也在网上被公之于众。

This is the second major breach of an Asian toy company's database in as many months.

这已是数月来第二宗针对亚洲玩具公司数据库的大规模网络攻击了。

Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber attack that compromised information about customers who access a portal for downloading children's games, books and other educational content.

另一家电子玩具制造商伟易达（VTech Holdings Ltd）称，11月公司曾遭遇一轮网络攻击。顾客在登录公司网站下载儿童游戏、书籍及教育材料后，个人信息会遭到泄露。

Vickery and Sanrio could not immediately be reached for comment.

目前，维克瑞与三丽鸥公司均未对此事作出回应。