Japan-based Sanrio, owner of the Hello Kitty brand, on Monday said it was investigating a report that its database was hacked and private information on 3.3 million users was exposed. Accounts affected by the leak include those registered through the fan portals of hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com.
The leaked data from the fan site of the Japanese toy company includes information such as users’ full names, email addresses and encrypted passwords, according to the report by security website CSOonline.com, which cited researcher Chris Vickery.
“The alleged security breach of the SanrioTown site is currently under investigation. Information will be made available once confirmed,” said a spokeswoman for Sanrio, best known for its popular Hello Kitty character which emblazons items ranging from stationery to clothing.
This is the second major breach of an Asian toy company’s database in recent months. Electronic toymaker VTech Holdings Ltd said in November that it was the victim of a cyber-attack that compromised information about customers who access a portal for downloading children’s games, books and other educational content.