Hello Kitty users hit by security breach

Hello Kitty logo

A security breach at Sanrio Town, the official community website for fans of Hello Kitty, has leaked the private details of around 3.3 million users, many of which are believed to be children.

The breach was discovered by security researcher Chris Vickery according to the Salted Hashblog. Details leaked include the user's real name, email address, account password, gender, birthday, country of origin, password hints, and their answers.

Birthdays and passwords were encoded but, according to Vickery, these could easily be decoded.

The accounts were registered through the following websites which may also be at risk from the leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.

In addition to the Sanrio Town database, Vickery found two additional backup servers containing mirrored data. According to the blog, the earliest known date of exposure of the data was 22 November this year.

It is still unclear whether access to the database or its mirrors have been removed, although Sanrio, the firm behind Hello Kitty, has been notified of the breach. Vickery has not published the data's whereabouts in order to prevent the leak from spreading.

Users have been advised to change passwords to something that is not already in use on other sites in order to boost security. They've also been advised to set up credit monitoring.

Emily Orton, director at Darktrace, said that companies such as Sanrio "need to urgently rethink the ways that they protect their information and reputation.

"The status quo of security is not good enough anymore we know that companies face continual threats. Now it is time to do something about it, and bolster internal monitoring systems that work to catch early signs of compromise," she said.

The news of the breach comes after thehackingof electronic toy firm VTech last month. A man was later arrested on suspicion of "unauthorised access" to a computer, according to a statement by the South East Regional Organised Crime Unit (Serocu).

The hack exposed details of 4.8 million customers, including 200,000 children, making it one of the biggest consumer data breaches ever.

Vickery has of late also discovered security breaches at MacKeeper, OKHello, Slingo and Hzone.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.