January 5, 2016

Share Everywhere

Hello Kitty Data Breach

Hello Kitty has donned many outfits, from doctor’s scrubs to astronaut gear. But what will the famous character choose to wear as a potential identity theft victim?

Recently, the brand’s company, Sanrio, announced that its popular online site for Hello Kitty and other characters was breached, likely compromising 3.3 million user accounts. Since the site centers on games and quizzes for children, many of those users are probably under the age of 18.

As we’ve noted before, identity thieves find children’s information to be especially valuable, since it represents a “clean slate” for opening new accounts and other forms of fraud. Often, parents don’t realize a child’s identity has been stolen until a significant amount of damage is already done.

That means the Sanrio breach should be a serious concern for any parent, and an indication that even the most fun and seemingly innocuous website can have its risks if security is lax.

Inside The Hello Kitty Data Breach

The Sanrio situation started when security researcher Chris Vickery discovered a leaked database of user accounts for Sanriotown.com, Hellokitty.com and Mymelody.com. The data included full names, birth dates, email addresses and passwords. The database even had password reset questions and answers.

The company has downplayed the breach, and noted that the “security glitch” has been fixed, but it’s impossible to know whether anyone has picked up the data. Also, it’s unclear how long that information has been available online, which means that numerous hackers may have had access for months, or even years, before Vickery noticed the issue.

Anyone using the Sanrio websites has been advised to change their passwords, including reset prompts.

Future Consequences

Although the Sanrio breach didn’t include Social Security numbers, home addresses, or other information that can be used immediately for identity theft, security researchers still expressed concern that the data could be used in the future.

That concern comes at a time when hacks that target children and families are being reported all to often. In November, Hong Kong company VTech Holdings admitted that hackers obtained personal data on 4.9 million adults, as well as 6.4 million children.

In another incident, a security researcher warned that the microphone on certain talking Barbie dolls could be manipulated and turned into surveillance devices.

Unfortunately, these breaches and security challenges are likely to keep occurring, especially as identity thieves target younger people and kids. To keep your family safe, be sure to review your child’s credit report at least once a year, to make sure no one has opened a credit card using his or her identity.

You can also enroll in IdentityForce’s UltraSecure service with optional ChildWatch. With ChildWatch, we continuously monitor thousands of websites, chat rooms and blogs to help keep your child’s identity and privacy safe from cybercriminals.

Judy Leary

President at IdentityForce
For Judy, identity theft protection is in her DNA—her dad started IdentityForce’s parent company in the 70s, and in the 80s, she and her brother came on board. She loves her dedicated team and how much they care about every member, partner, and supplier. In addition to protection against identity theft, Judy is passionate about travel (Aruba is her “happy place”!) and giving back. She volunteers for the Alzheimer’s Association, Mazie Mentoring Program, and Sunshine Golden Retriever Rescue. She’s also a proud mom to 2 grown daughters and 3 rescue dogs.

Latest posts by Judy Leary (see all)

Join The Discussion

Your email address will never be published.