More than three million Hello Kitty fans have had their details stolen after a data breach at SanrioTown.com, the online community for fans of the Japanese cartoon character.
Names, email addresses, passwords, dates of birth and countries of origin were all exposed in the breach of 3.3 million accounts.
The website is reported to have used a password protection technique known as “hashed” however SanrioTown’s version of the security feature is understood to have left vulnerabilities which made it possible for hackers to easily attain the information.
The leak was discovered online by researcher Chris Vickery, who alerted security blog Salted Hash over the weekend.
A number of other Hello Kitty websites were also part of the leak including hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com.
Tokyo-based Sanrio, owner of the Hello Kitty brand, has yet to publically acknowledge the data breach.
The Hello Kitty hack is the second in a number of weeks following a data breach at children's toy company VTech in which hackers stole the personal details and even pictures of children.