An Internet security researcher has revealed that details of around 3.3 million user accounts on various sites associated with the Hello Kitty brand have been illegally obtained and posted in public.
As noted by various sources, given the target market of the popular Japanese-based brand, majority of the stolen personal details could belong to minors.
According to CSO Online, the hack was discovered by cyber security analyst Chris Vickery. He noted that the attack was carried out on various sites managed by Hello Kitty owner Sanrio including Sanriotown.com, hellokitty.com and mymelody.com.
Although it is not yet clear how the cyber attack was carried out, hackers were able to obtain the first and last names of account holders, their email addresses, and the question and answer hints for their passwords.
Wired reported that Sanrio has already been informed about the hack but the company said that it is still conducting its own investigations on the matter. According to the site, the company has not yet confirmed if its sites were really hacked but Sanrio advises users to immediately change their passwords to avoid being victimized.
Since the Hello Kitty brand and Sanrio's other products and services generally appeal to kids and teenagers, many of the hackers' victims could be minors. Peter Tran, the general manager of network security firm RSA, noted that the latest incident highlights the dangers of kids' online activities and presence.
"You look at play education moving from the classroom to the connected community," he told CBS News.
"You have to think of the net value of the data down the line. These kids are going to be even more connected in the future, and while some of the information shared about them right now might not bear the same consequence, they will be living in a world where they will have Apple Pay and Google Wallet and other things," he added.
The data breach on Sanrio's sites is the latest attack to target a company that caters to a young demographic. In November of this year, VTech Holdings, a firm based in Hong Kong that makes electronic toys and gadgets for kids also went through a similar ordeal.
The hack on the company compromised over 11 million user accounts, more than half of which were owned by kids. According to the person who carried out the attack, he was just trying to show the weaknesses in Vtech's network security.