Article Lead Image

Hello Kitty database hack exposes 3.3 million fans’ private info

Leaked data includes real names, birth dates, and passwords.


Aja Romano


Posted on Dec 20, 2015   Updated on May 27, 2021, 11:32 am CDT

Last week, 31-year-old IT support specialist Christopher Vickery uncovered a major breach in a widely reviled utility tool for Apple computers. This week, he’s moved on to a different side of the Internet—Hello Kitty and its millions of fans. 

Vickery reportedly provided evidence to security news site CSO Online that the personal data of 3.3 million Hello Kitty fans is not secure. Vickery claimed to have obtained the information from multiple databases on Sanrio’s Hello Kitty website. Among the data he was allegedly able to access were full names, birth dates, “unsalted” passwords, and answers to password recovery hints.

Vickery is a type of hacker sometimes known as a security researcher—the kind who looks for ways to exploit website or software security and alerts the public about any data breaches they might find. Vickery found databases pulling information from numerous Sanrio websites, including the U.S., Singaporean, Malaysian, and Thai versions of the main Hello Kitty website, as well as The data may have been exposed as early as Nov. 22. 

CSO Online reported that Sanrio had been contacted about the breach, and encouraged parents and children who frequented the Hello Kitty website to make sure the password they used there wasn’t duplicated on other websites they access regularly. 

Vickery did not immediately respond to a request for comment.

H/T CSO Online | Illustration via

Share this article
*First Published: Dec 20, 2015, 8:01 pm CST