"Hello Kitty" hack exposes 3.3. million user accounts

The database for sanriotown.com -- the online interactive community for the popular Hello Kitty brand -- has been discovered online, potentially compromising 3.3 million user accounts. Internet security researcher Chris Vickery first discovered the breach, the data security information website CSO Online reports.

According to Vickery, the information that was publicly posted included a wide range of private user information such as first and last names, gender, country of origin, email addresses, and even password hint questions and answers. Beyond this, two backup servers that contained mirrored data from the site were also found.

A robot "Hello Kitty" Yoshikazu Tsuno/AFP/Getty Images

This kind of hack reveals the worrying reality that today's children are at risk of having their online information compromised in a way that could have long-lasting ramifications throughout their lives.

"You look at play education moving from the classroom to the connected environment -- to a connected community. You have to really think of the net value of the data down the line. These kids are going to be even more connected in the future, and while some of the information shared about them now might not bear the same consequence, they will be living in a world where they will have Apple Pay and Google Wallet and other things," Peter Tran, GM and senior director at the network security company RSA, told CBS News.

"The data itself might not be an immediate snatch-and-grab now, but it is a treasure trove of information that hackers could mine through for future generations going forward," Tran said.

For parents whose kids are big fans of Hello Kitty, this security breach is the latest in a recent string of hacks that potentially compromised the personal data of children and their families. In November, VTech Holdings, a Hong Kong company that makes electronic toys, games and tablets for children, revealed that hackers obtained personal information of about five million customers. This included more than 200,000 children.

Tran said that when it comes to breaches that impacted VTech and Hello Kitty's sanriotown.com, the threat of sharing kids' data with something as seemingly innocuous as an online game or a mobile app might not be obvious. However, he said that once you enter the "pay to play" environment, where a user must enter personal financial information to access more content, then the danger of a data breach becomes more apparent.

"Parents have to take the same due diligence about managing one's identity through something like this as you they would with a bank account," he said.

"I want to continue to emphasize the importance of early moderating and protection of the entire environment of mobile and online app-based communities. This moderation is one of the larger challenges that we have in moving from online retailing to classroom learning environments that are staged across the same infrastructure of mobile devices and cloud environments. It just underscores the much larger challenge that a toy manufacturer or an online retailer faces with any of these portals that a child can use to play in," he said.

Featured in SciTech