This incident comes on the heels of a highly publicized hack also involving a popular, child-focused property: VTech. That incident exposed the personal data, chat logs and photos of 6.3 million people, 200,000 of whom were children. This month, police arrested a man in the UK in relation to that hack.
Online researcher Chris Vickery uncovered a database this weekend containing the personal information of 3.3 million accounts associated with Hello Kitty Online and official Hello Kitty websites, including SanrioTown.com, HelloKitty.com and MyMelody.com. The information included users’ first and last names, birthdays, genders, countries of origin, email addresses, password hashes, password hint questions and answers, and other data, CSO Online reports. Some of the information was encrypted, but “easily reversible,” according to the site. The breach was the result of a misconfigured database installation and all of the information is now secure, CSO says.
“The alleged security breach of the SanrioTown site is currently under investigation,” Sanrio said in a statement to the site. “Information will be made available once confirmed.”