The website CSO that publishes information about data protection and web security, announced on Saturday that the researcher Chris Vickery found that a database for sanriotown.com – which holds information of portals from Hello Kitty and other Sanrio Characters – of more than 3.3 million customers has been exposed.

Sources would appear to show that first and last names, encoded birthdays, gender, country of origin, email addresses, password hint questions with their answers and other data are among the records.

Chris Vickery remarked that hellokitty.com; hellokitty.com.sg; hellokitty.com.my; hellokitty.in.th; and mymelody.com are part of the affected websites. Also two backup servers that contain mirrored data were found.

sanrio-data-breach
Sanrio Co., Ltd. is a Japanese company that designs, licenses and produces products focusing on the kawaii segment of Japanese popular culture. Stuff Point

According to WIRED, a spokesperson from Sanrio wrote in a statement the alleged security breach of the SanrioTown site is currently under investigation and information will be made available once confirmed.

“Parents have to take the same due diligence about managing one’s identity through something like this as you they would with a bank account. I want to continue to emphasize the importance of early moderating and protection of the entire environment of mobile and online app-based communities” said Peter Tran who is a GM and senior director at the network security company RSA to CBS News.

CSO online recommended parents with kids registered on sanriotown.com that they should make sure they are not using the same password on critical websites, specially on sites that involve financial matters, email or social media. According to consumer.gov from the United States identity theft is a serious crime that occurs when someone uses information about people without their permission.

VTech data breach

Early in December a similar leak occurred since the data of 6.4 million VTech users was exposed online. The toymaker is the world’s leading supplier of corded and cordless phones and electronic learning toys, according to its official website.

The Hong Kong based company declared in a statement that name, gender and birth date were the only data published from children. However, names, mailing addresses, email addresses, secrets questions with its respective answers, IP addresses, download history and encrypted password from parents, were stolen.

The United States, France, the United Kingdom, Germany, Canada, Spain, Belgium and the Netherlands were the most affected countries. It is known that two U.S states are investigating the attack with regulators from Hong Kong, until now a 21-year-old man has been arrested in the course of investigations.

According to Motherboard, the hacker explained what had happened, adding that the action wasn’t done with a malicious intent, but to show that the company engaged in children entertainment had no adequate security. Authorities arrested a 21 years suspect for the acts in Bracknell, a town 32 miles outside of London, officials said.

Source: CSO