From The Register:
Up to 3.3 million Hello Kitty users have had their personal data exposed due to a database breach at the brand's online community SanrioTown.com, a security researcher has discovered.
The sanriotown.com breach had been discovered online by researcher Chris Vickery who informed security blog Salted Hash.
The exposed records include users' names, birthdates, gender, nationality, email addresses, unsalted SHA-1 password hashes, and password hint questions.
"While having sensitive details exposed is bad enough for adults, when the information relates to a child it's far worse.
"If someone managed to compromise a child's identity, the fraud might not be detected for years because most parents don't monitor their child's credit record," noted Salted Hash writer Steve Ragan.
In addition to the primary Sanriotown database, two additional backup servers containing mirrored data were also compromised, it said.
The earliest known date of publication for the private information was 22 November this year