A database for Sanrio, the Japanese owner of the Hello Kitty brand, was breached, putting 3.3 million of its users' data at risk, according to security website CSOonline.com's report.
網(wǎng)絡(luò)安全信息網(wǎng)站CSOOnline.com的一份報告顯示����,日本三麗鷗公司(Sanrio)某數(shù)據(jù)庫遭遇攻擊���,導致330萬Hello Kitty品牌客戶的資料面臨風險。
The leaked data includes information such as users' full names, email addresses and encrypted passwords, the website reported, citing security researcher Chris Vickery.
報告指出��,據(jù)網(wǎng)絡(luò)安全研究員克里斯·維克瑞稱��,此次泄露的數(shù)據(jù)包括用戶全名��、電子郵箱地址����,以及加密密碼。
The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.
而這330萬個賬號的用戶姓名���、生日�、性別���、國籍����,以及電子郵箱都可能遭到曝光。
It is not clear if the exposed data contained any financial information.
此次泄露的數(shù)據(jù)中是否還包含客戶的財務(wù)信息�,目前仍不得而知。
The passwords are 'lightly-protected' along with forgotten password questions and answers.
用戶密碼的保護機制似乎“并不嚴密”����,僅有密碼重置問題與答案兩項。
The passwords themselves are “hashed”, a form of protection which renders it technically impossible to retrieve the original password.
不過�����,三麗鷗對用戶密碼采取了“哈希運算”�,能保證初始密碼不會被完全破解。
However, the hashing technique used by SanrioTown leaves it easy for an attacker to uncover a significant proportion of the obscured passwords.
然而����,即便采取了上述加密技術(shù),黑客依舊能破譯很大一部分字符���。
Sanrio, the owner of the brand, has not publicly responded to the allegations of an account leak.
截至目前���,三麗鷗公司尚未對賬戶泄露事件作出公開回應(yīng)��。
As well as SanrioTown itself, accounts from a number of other Hello Kitty websites were also included in the leak: according to Salted Hash, those are hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. Two backup servers were also discovered online.
除了三麗鷗網(wǎng)站賬戶外,不少Hello Kitty衍生網(wǎng)站的賬戶信息也遭到泄露���,包括hellokitty.com���,hellokitty.com.sg,hellokitty.com.my����,hellokitty.in.th和mymelody.com。另外�����,該公司的兩份備份資料也在網(wǎng)上被公之于眾�����。
This is the second major breach of an Asian toy company's database in as many months.
這已是數(shù)月來第二宗針對亞洲玩具公司數(shù)據(jù)庫的大規(guī)模網(wǎng)絡(luò)攻擊了����。
Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber attack that compromised information about customers who access a portal for downloading children's games, books and other educational content.
另一家電子玩具制造商偉易達(VTech Holdings Ltd)稱,11月公司曾遭遇一輪網(wǎng)絡(luò)攻擊����。顧客在登錄公司網(wǎng)站下載兒童游戲���、書籍及教育材料后,個人信息會遭到泄露���。
Vickery and Sanrio could not immediately be reached for comment.
目前�,維克瑞與三麗鷗公司均未對此事作出回應(yīng)���。
英文來源:每日郵報
譯者:郭汪韜略
審校&編輯:丹妮
