Hack Of Online Hello Kitty Community Exposes Info For 3.3M Parents, Possibly Children

Just weeks after the hack of electronic toy maker VTech exposed the personal information for more than five million children and adults, another child-focused enterprise has suffered a similar breach. The interactive online community for Hello Kitty was recently breached, potentially compromising 3.3 million accounts. 

The hack affected sanriotown.com, a community for parents and children who are fans of Hello Kitty and other Sanrio characters, CSO Online reports.

Information exposed in the breach includes first and last names, birthdays, gender, country of origin, email addresses, password hints and corresponding answers, and other information.

While it’s unclear how the breach occurred, Chris Vickery, a researcher who first stumbled on the hack, said that exposed accounts were tied to several websites, including hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.

In addition to the primary SanrioTown database being hacked, two backup servers were compromised, with the earliest exposure taking place Nov. 22.

“The alleged security breach of the SanrioTown site is currently under investigation,” the company tells CSO. “Information will be made available once confirmed.”

CSO online suggests parents that use sanriotown.com, or its related domains, make sure they aren’t using the same password for other sites, like those used for banking, email, or social media.

This is the second hack to potentially expose the personal information of children. In late November, VTech confirmed that an “unauthorized party” accessed customer data housed in its Learning Lodge app store, which allows customers to download apps, games, e-books and other content for VTech products.

While the company assured users that the Learning Lodge does not store credit card information or Social Security numbers, the database does include data like names, e-mail addresses, encrypted passwords, IP addresses, mailing addresses, download histories, and answers to password-retrieval questions.

Database leak exposes 3.3 million Hello Kitty fans [CSO Online]