Just in time for Christmas, security researcher Chris Vickery announced that he had discovered evidence of a data breach of more than 3.3 million accounts at Sanrio, the Japanese company that operates the Hello Kitty brand which includes numerous products and online games that appeal to young children.  In order to play the multi-player online game of Hello Kitty, users are required to register on SanrioTown.com  The data breach, according to Sanrio was due to misconfiguration of a data base which resulted in the information being open to public access.  However, this misconfiguration had gone on for a month before it was discovered by Vickery and there is no way of knowing, at this time, how many people may have already accessed the information.

Compromised information involved in the Hello Kitty data breach includes names, birth dates, email addresses, encrypted passwords and password security questions and answers.  It has not yet been determined whether or not financial information was also stolen, but the potential threats presented by the information we already know has been taken is significant.  This information can lead to damaging identity theft of children and their parents as well as an increased risk of dangerous spear phishing.


If you or your children used the website sanriotown.com as well as their websites hellokitty.com and mymelody.com you should change your passwords immediately and if you, like too many other people use the same password for all of your online accounts, you should change your passwords at each of those accounts to a unique password for each account.  You also may wish to monitor your credit and consider putting a credit freeze on your credit reports.  If you are in a state that permits you to freeze the credit of your minor children, you definitely should do that.   You can find more information about credit freezes and how to put them on your credit reports here on the Scamicide website.