Breach, Compliance Management, Data Security, Network Security, Privacy

Hello Kitty SanrioTown breach affects 3.3 million accounts

A security researcher claims to have discovered a leaked database for, the Hello Kitty official online community, which contained the information of 3.3 million accounts.

Independent security researcher Chris Vickery said the data contained user first and last names, genders, countries of origin, email addresses, forgotten password questions and answers, weakly encoded birthdays and unsalted SHA-1 password hashes, according to the security news site Salted Hash. Two additional backup servers containing mirrored data were also discovered, the report said.

Accounts registered to;;;; and were also compromised as well. SanrioTown said it complies with internationally recognized standards of personal data and privacy protection in its privacy policy. has not officially addressed allegations of the leak and has yet to respond to's request for comment.

This is the second major breach affecting a children's product within a month following the VTech breach that impacted nearly six million accounts.

Update: Sanrio acknowledged the company's data was accessible to those who knew the address of the vulnerable servers but said, to its knowledge, "no data was stolen or exposed." in a Dec. 22, 2015 company blog post. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.