Hello Kitty SanrioTown breach affects 3.3 million accounts

Tokyo-based Sanrio, owner of the Hello Kitty brand, has yet to publically acknowledge the data breach. And now there’s another data breach that all parents need to be aware of.

Security news blog Salted Hash, which was contacted by Vickery following his discovery, reported that the leak was down to poor database security, and that two backup servers containing mirrored data were also found online.

The biggest worry about said leak is that there are likely a lot of accounts for kids across Hello Kitty’s digital network.

After discovering the database of information, Vickery passed on the details to technology website CSO and DataBreaches.net.

Though Sanrio has been notified about the apparently breach, there hasn’t been any official word from the company regarding its authenticity-or, more importantly, if even more data might have been accessed and distributed as well.

Details included in the records, which were first known to have been published on November 22, 2015, are the first and last names, email addresses, home countries and the sexes of users, as well password hints and their corresponding answers.

Parents of Hello Kitty fans may want to check if their kids hold an account on SanrioTown.com, which has been hacked.

Users have been advised to change passwords to something that is not already in use on other sites in order to boost security.

Accounts registered to other sites associated with SanrioTown.com are also affected by the leak, including hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; andmymelody.com.

This kind of hack reveals the worrying reality that today’s children are at risk of having their online information compromised in a way that could have long-lasting ramifications throughout their lives. Fraud and identity theft can target children, using their information undetected for years.