Hello Kitty users hit by security breach
More than three million adults and children affected after personal data was left freely available online


A security breach at Sanrio Town, the official community website for fans of Hello Kitty, has leaked the private details of around 3.3 million users, many of whom are believed to be children.
The breach was discovered by security researcher Chris Vickery, according to the Salted Hash blog. Details leaked include the user's real name, email address, account password, gender, birthday, country of origin, password hints, and their answers.
Birthdays and passwords were encoded but, according to Vickery, these could easily be decoded.
The accounts were registered through the following websites which may also be at risk from the leak: hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com.
In addition to the Sanrio Town database, Vickery found two additional backup servers containing mirrored data. According to the blog, the earliest known date of exposure of the data was 22 November this year.
It is still unclear whether access to the database or its mirrors has been removed, although Sanrio, the firm behind Hello Kitty, has been notified of the breach. Vickery has not published the data's whereabouts in order to prevent the leak from spreading.
Users have been advised to change passwords to something that is not already in use on other sites in order to boost security. They've also been advised to set up credit monitoring.
Emily Orton, director at Darktrace, said that companies such as Sanrio "need to urgently rethink the ways that they protect their information and reputation.
"The status quo of security is not good enough anymore; we know that companies face continual threats. Now it is time to do something about it, and bolster internal monitoring systems that work to catch early signs of compromise," she said.
The news of the breach comes after the hacking of electronic toy firm VTech last month. A man was later arrested on suspicion of "unauthorised access" to a computer, according to a statement by the South East Regional Organised Crime Unit (Serocu).
The hack exposed details of 4.8 million customers, including 200,000 children, making it one of the biggest consumer data breaches ever.
Vickery has of late also discovered security breaches at MacKeeper, OKHello, Slingo and Hzone.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.