Parents warned as Hello Kitty database leak exposes the details of 3.3million users
A database for Sanrio, the Japanese owner of the Hello Kitty brand, was breached, putting 3.3 million of its users' data at risk, according to security website CSOonline.com's report.
The leaked data includes information such as users' full names, email addresses and encrypted passwords, the website reported, citing security researcher Chris Vickery.
The information exposed in the breach includes the first and last names, birth dates, genders, countries of origin, and email addresses for 3.3 million accounts.
It is not clear if the exposed data contained any financial information.
The passwords are 'lightly-protected' along with forgotten password questions and answers.
The passwords themselves are “hashed”, a form of protection which renders it technically impossible to retrieve the original password.
However, the hashing technique used by SanrioTown leaves it easy for an attacker to uncover a significant proportion of the obscured passwords.
Sanrio, the owner of the brand, has not publicly responded to the allegations of an account leak.
As well as SanrioTown itself, accounts from a number of other Hello Kitty websites were also included in the leak: according to Salted Hash, those are hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com. Two backup servers were also discovered online.
This is the second major breach of an Asian toy company's database in as many months.
Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber attack that compromised information about customers who access a portal for downloading children's games, books and other educational content.
另一家电子玩具制造商伟易达（VTech Holdings Ltd）称，11月公司曾遭遇一轮网络攻击。顾客在登录公司网站下载儿童游戏、书籍及教育材料后，个人信息会遭到泄露。
Vickery and Sanrio could not immediately be reached for comment.