Day after day, week after week, the hacks, breaches and data leaks continue to roll in.
The latest victim? Hello Kitty.
CSO Online is reporting that a database for a website owned by Sanrio — the company behind the wildly popular Hello Kitty character — is available online.
Security researcher Chris Vickery found the database, which apparently contains information on more than 3.3 million accounts for the website sanriotown.com.
Sanrio Town bills itself as the “the official online community of Sanrio fans,” and there are fears — though not yet confirmation — that children’s data is among the information affected.
Sanrio has yet to comment publicly on Vickery’s findings.
CSO Online’s report says only that the database was “discovered online” (and certain details have been withheld to prevent malicious actors identifying it). As such, it’s not quite clear how it has become available. There’s no mention of a hacker leaking it, so it’s possible that the data is exposed due to inadequate security protections.
There’s also no indication as to whether anyone else has accessed the data in the time it has been exposed — since at least November 22, 2015.
The data accessed apparently includes names, email addresses, genders, birthdays, and password hashes, among other website-related info.
The news comes hot on the heels of another damaging hack of a kid-focused company. VTech builds electronic toys and tablets for children, and in November, Motherboard broke the news that more than 11 million users’ personal information was accessed by a hacker — including 6.5 million children. The hacker claims they wanted to highlight VTech’s allegedly poor security practices. A 21-year-old British man was subsequently arrested, but so far has not been charged.