A database for the Hello Kitty community sanriotown.com containing 3.3 million accounts has been discovered online in an apparent breach.
According to CSO Online, researcher Chris Vickery discovered the breach:
The records exposed include first and last names, birthday (encoded, but easily reversible Vickery said), gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related.
Information from other Hello Kitty-related websites hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com have also been discovered online. Users are advised to change their login credentials, especially if the same information is shared between accounts on other sites.
Most worrisome about this breach is the number of accounts that are likely owned by children.