Database Leak Exposes Info of 3.3 Million Hello Kitty Fans
The database for SanrioTown.com, the official online community for Hello Kitty, leaked the data of 3.3 million Hello Kitty fan accounts, according to online researcher Chris Vicery.
Vickery contacted Salted Hash and Databreaches.net about the leak on Saturday, one day after discovering the breach.
Exposed data includes first and last names, encoded birthdates, gender, country of origin, email addresses, password hint questions and their corresponding answers, and other website-related data points. The data could have been leaked as early as November 22, 2015.
Vickery reported other fan portal sites were also affected, including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.com.in.th, and momelody.com.
Since the Hello Kitty brand is so popular with children worldwide, the primary concern is that the personal information of kids could have been leaked. This happened during the recent VTech data breach, in which the personal data and photographs of 6.4 million children were exposed.
Sanrio has not yet confirmed how many accounts may have been affected by this breach. The only statement the company has released to the media is, “The alleged security breach of the SanrioTown site is currently under investigation. Information will be made available once confirmed.”
This is the second data breach the company has had to deal with this year. In April, the information of 6,000 shareholders had been leaked.
Anyone who has a SanrioTown account may want to take some precautions. Users will want to change their passwords on the affected Hello Kitty websites. Additionally, if a user has the same password for other accounts, they will want to change those as well.
As more and more children are being affected by data breaches, parents may also want to begin monitoring their child’s credit reports.