WASHINGTON, Dec. 22 (UPI) — An online database for fans of Hello Kitty and other Sanrio products may have been exposed to hackers, putting the personal information of up to 3.3 million users at risk.
Security researcher Chris Vickery told NBC News the Sanrio data was “very easily accessed. Very easily queried.” He said he used the Shodan search engine that indexes public devices and servers to find the breach.
Sanrio is a Japanese company best-known for Hello Kitty, one of the most successful brands in the world.
Shodan listed the Sanrio data on Nov. 22, meaning the personal information of millions was at risk for nearly a month, including real first and last names, locations, password questions and hints, and potentially passwords themselves. Many of the users are likely to be children, CSO reported.
“The alleged security breach of the SanrioTown site is currently under investigation,” Sanrio told NBC News in a statement. “Information will be made available once confirmed.”