Sanrio probes reported Hello Kitty hack exposing 3.3 million users

Sanrio, the Japanese owner of the HelloKitty brand, on Monday said it was investigating a report thatits database was hacked and private information on 3.3 millionusers was exposed.

The leaked data from the fan site of the Japanese toycompany includes information like users' full names, email
addresses and encrypted passwords, according to the report bysecurity website CSOonline.com, which cited researcher ChrisVickery.

"The alleged security breach of the SanrioTown site iscurrently under investigation. Information will be made
available once confirmed," said a spokeswoman for Sanrio, bestknown for its popular Hello Kitty character which emblazonsitems ranging from stationery to clothing.

It was not clear if the exposed data contained any financialinformation.

"There is a great potential of financial data being on thesetype of sites," said Peter Tran, general manager at networksecurity company RSA, the security division of EMC Corp, adding that there is a possibility of financial informationbeing compromised.

"It could have been a third party that left them vulnerableto be overwhelmed and breached in the way they are now," Tranadded.

This is the second major breach of an Asian toy company'sdatabase in as many months.

Electronic toymaker VTech Holdings Ltd said inNovember that it was the victim of a cyber attack thatcompromised information about customers who access a portal for downloading children's games, books and other educationalcontent.

Vickery could not immediately be reached for comment.