Sanrio, the company behind the popular Hello Kitty brand, has suffered a data leak, according to a security specialist.
Researcher Chris Vickery told the Salted Hash blog on Saturday that he discovered a database for sanriotown.com that houses 3.3 million customer accounts and has ties to a number of Hello Kitty portals.
The records include first and last names, birthday, gender, country of origin, email addresses, password hint questions and their corresponding answers, according to the report. “Hashed” passwords, which use an algorithm to protect the password, were also reportedly exposed.
However, it’s not clear whether the alleged leak exposed any children’s personal information.
Sanrio told FoxNews.com that the alleged security breach of sanriotown.com is under investigation. “Information will be made available once confirmed,” it added, in an emailed statement.
Vickery said that accounts registered through the fan portals of hellokitty.com, hellokitty.com.sg, hellokitty.com.my, hellokitty.in.th and mymelody.com were impacted by the leak. On Monday the researcher told Salted Hash that the three IP addresses that were disclosing user information have been secured. The issue was not a hack, but a misconfigured database installation, he said.
Nonetheless, the report keeps the issue of consumer data security firmly in the spotlight. The personal information of more than 11.2 million people – including almost 6.4 million children, was exposed recently following a hack of the electronic toy maker VTech.
Experts say that parents must pay careful attention to how personal data is handled. “In addition to evaluating toys, apps, and websites for their entertainment and educational value, parents must also look at the security risks associated with such activity and demand that companies provide details about the data they collect, how it is used, who has access to it, and how it is secured,” said Suni Munshani, CEO of data security specialist Protegrity, in a statement emailed to FoxNews.com.
Follow James Rogers on Twitter @jamesjrogers