Sanrio, the Japanese firm that officially hosts Hello Kitty online, has said that it "corrected the vulnerability" that exposed personal data of around 3.3 million members – mostly children. The firm said that no user information had been stolen from its website.
On 19 December, computer security researcher Chris Vickery had uncovered that private information of Hello Kitty members was accessible to the public on sanriotown.com. However, Sanrio said in a statement: "We investigated the problem and applied fixes, including securing the servers identified as vulnerable. At this time we have no indication that users' personal information was stolen by malicious parties."
The company added that information accessible as a result of the security breach was limited to members' names, gender and date of birth. It assured its users that since no credit card or payment information was held on that particular server, no sensitive information was stolen.
Yet, Sanrio's claim was disputed by Vickery, who said that he used various net addresses to access members' data and confirmed that it was vulnerable to exposure as well. Nonetheless, Sanrio maintained: "Please note that membership data of SanrioTown is not shared with other Sanrio services or websites (such as Sanrio.com), therefore other Sanrio services were not affected by this security vulnerability." But the Hello Kitty owner did instruct its members to change their existing passwords.
Online hacks have been a growing concern over the past few months as major companies such as VTech, Ashley Madison and TalkTalk have failed in protecting user data.