SanrioTown security breach puts Hello Kitty fans' private information at risk from hackers
Personal details like names and email addresses of users were leaked in the security breach
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
A large data breach at Sanrio Town, the official online community for fans of Japanese cartoon character Hello Kitty, has resulted in the leak of the private information of around 3.3 million users, it has been reported.
Weeks after hackers broke into a secure database at children's toy company VTech, gaining access to the personal details and even pictures of potentially millions of children, the apparent Sanrio Town breach has resulted in the publication of the names, birth dates, genders, email addresses and countries of origin of millions of users.
The breach was discovered by security researcher Chris Vickery, who alerted the Salted Hash security blog about the issue over the weekend.
As well as Sanrio Town, which takes its name from the company that owns the rights to the Hello Kitty brand, some accounts on a number of other portal sites related to the website were reportedly leaked.
According to Salted Hash, the earliest known date of publication for the private information was 22 November this year.
Sanrio and the internet service provider used to host the leaked database of details have been notified, but it is not yet clear if the database, and two other cloned versions of it, have been removed from the web.
Hello Kitty, and many of Sanrio's other cute characters, are loved by children the world over - so there is a concern that the private details of children could have been leaked.
The passwords of users were 'hashed', making them difficult to find out - however, determined hackers could potentially break this encryption enough to accurately guess the passwords.
Password hints and their corresponding answers seem to have been leaked too, providing hackers with another method to discover the passwords.
Similarly, the birthdays of users were encoded - but Salted Hash noted that this security measure could easily be navigated.
While the security issue is still ongoing, SanrioTown users would do well to change their passwords on other websites, if those passwords are the same they use on Sanrio Town.
Similarly, password hints and answers should be changed if they are the same on Sanrio Town and other sensitive websites, such as email services or online banking.
Sanrio has not yet publicly commented on the allegations of a data leak.
The Independent has contacted Sanrio for a comment, this article will be updated when they respond.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies