The biggest threat to having your identity or bank account information stolen isn't a retail store or online vendor - it is Hello Kitty!
Don't Miss: See the first leaked Black Friday 2016 Ad
Parents have been told to be on alert after 3.3 million user credentials for the Hello Kitty website sanriotown.com were sent to an online database. SanrioTown is one of the most popular destinations for children, and now their user names, genders, birthdays, and their password retrieval questions are available to potential hackers.
The hackers began taking information as early as November, according to security researchers. User data from the related Sanrio sites hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th, and mymelody.com were also included in the leak.
The passwords were saved as "unsalted SHA-1 password hashes" which is an encryption form that stores the passwords as scrambled letters and numbers. While they may appear secure, there is a key that unlocks all of them. Hackers are able to see common passwords and build the key from there. Children aren't likely to create passwords that are difficult to unlock.
Thankfully, the databases didn't include credit card numbers, but SanrioTown does accept them. Still, if the hackers learn one password, they may learn password for other sites that aren't as secure.
Salted Hash, the securities blog that first reported the SanrioTown leak, is advising users to change their passwords and security questions on other websites, especially on online banking sites and social media platforms that contain personal information.
How To: Buy a Pokemon Go Plus
This isn't the first case of a toy opening up problems for children and parents. For the time being until these cases are resolved, parents are encouraged to keep the toys that use the internet, even WiFi, to a minimum.