Hello Kitty's online community was allegedly hacked. (Photo : Twitter)
An alleged security breach at SanrioTown.com, an online community for Hello Kitty fans, makes account details of 3.3 million users available online. Sanrio, the Japanese owner of the iconic Hello Kitty has only so far confirmed an ongoing investigation about the alleged hacking of their websites.
The database of about 3.3 million SanrioTown users was discovered online by researcher Chris Vickery, who reported it to the security blog Salted Hash and Databreaches.net. Aside from the user database, two backup servers were also found online.
The information leaked include the users' full names, birthdates, countries of origin, genders, email addresses, encrypted passwords and even security questions and answers for forgotten passwords.
According to The Guardian, SanrioTown uses hashing technique for its website, where the original passwords are almost impossible to retrieve when lost. But hackers have a way of deciphering common passwords to break into user accounts.
The likely reason for SanrioTown's vulnerability to security breach might have been a third party, Peter Tran of RSA, a network security company, told Reuters.
The immediate concern for authorities is if the database contained personal information of children, as well as financial data of parents and adult users since Sanrio, particularly the Hello Kitty brand, is popular worldwide.
"There is a great potential of financial data being on these types of sites," Tran said.
Apart from SanrioTown, related sites such as hellokitty.com, hellokitty.com.my, hellokitty.com.sg, hellokitty.in.th and mymelody.com were also hacked.
This is the second time a children's toy company has been hacked. In November, electronic toy manufacturer VTech lost customer data to a 21-year-old hacker from Berkshire, who was arrested on Dec. 15.
