Security researchers advise that the Hello Kitty community has suffered a data exposure of 3.3 million accounts. If you registered through the Hello Kitty fan portals via any of the following websites, you may have had your or your child/grandchild’s information compromised.
- hellokitty.in.th; and
A database for sanriotown.com, the official online community for Hello Kitty and other Sanrio characters, has been discovered online by researcher Chris Vickery. The database houses 3.3 million accounts, and has ties to a number of other Hello Kitty portals.
The data exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related. The data exposure, according to CSO Online contained information on minors (those under the age of 18), and that the exposure may have been limited to just the security researcher, Vickery.
The number one action you can take to protect your family using SanrioTown is to change your passwords.