Business

Hello Kitty owner Sanrio says fan site security leak fixed

Posted December 23, 2015 6:00 am

By KELVIN CHAN

FILE - In this July 24, 2014 file photo, a model dressing as Japanese character Hello Kitty, right, along with Hong Kong actresses Priscilla Wong, left, and Celine Yeung, second from left, pose with a new figure of Hello Kitty unveiled at the Madame Tussauds in Hong Kong, to mark the 40th anniversary of the birth of the popular Sanrio character. The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the famous character that compromised the personal information of 3.3 million users. Sanrio Co.âs digital arm said Tuesday, Dec. 22, 2015, that it âcorrectedâ a security vulnerability on the SanrioTown.com website and was carrying out an investigation. The leak was discovered Saturday, Dec. 19, by a security researcher. (AP Photo/Kin Cheung, File) The Associated Press

HONG KONG (AP) - The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the character that compromised the personal information of 3.3 million users.

Sanrio Co.'s digital arm said Tuesday that it "corrected" a security vulnerability on the SanrioTown.com website and was investigating. The leak was discovered Saturday by a security researcher.

Hong Kong-based Sanrio Digital said anyone who knew the Internet addresses of "specific vulnerable servers" could have accessed personal information such as names and birthdates. Passwords were also available but encrypted.

However, it added that the data did not include credit card or other payment details, and that no information was stolen.

"We investigated the problem and applied fixes, including securing the servers identified as vulnerable" by the researcher, the company said in a security advisory posted on the site.

The security researcher who identified the problem, Chris Vickery, disputed Sanrio's claim that information was not accessed, since he used multiple IP addresses himself to access data and confirm the vulnerability. He also believes Sanrio would have discovered the problem easily had it paid attention to its security practices.

SanrioTown.com is an online community for Hello Kitty enthusiasts around the world operated by Sanrio Digital. The site lets users play games, watch videos and keep up with news on their favorite cute character.

The site's members include 186,261 minors, said Mark Leeper, whose public relations firm is representing Sanrio Digital.

It's the second Internet security breach in the past month involving a large amount of children's data.

Kids' technology maker VTech reported a data breach that exposed the personal information of 6.4 million children around the world as well as 4.9 million parent accounts to which they were connected. British police have arrested one man on hacking-related charges in that case.

Sanrio Digital is a joint venture between Hong Kong game developer Typhoon Games, which has a 70 percent stake, and Sanrio, which owns the rest.

FILE - In this June 30, 2012 file photo, people ride on a sightseeing bus painted with a Hello Kitty character in Tokyo. The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the famous character that compromised the personal information of 3.3 million users. Sanrio Co.âs digital arm said Tuesday, Dec. 22, 2015, that it âcorrectedâ a security vulnerability on the SanrioTown.com website and was carrying out an investigation. The leak was discovered Saturday, Dec. 19, by a security researcher. (AP Photo/Koji Sasahara, File) The Associated Press

FILE - In this Thursday, Oct. 30, 2014 file photo, a model dressing as Japanese character Hello Kitty waits for guests to pose for a souvenir photo at Sanrio Puroland, a theme park featuring Hello Kitty in Tokyo. The Japanese company that owns the Hello Kitty brand said it has fixed a security leak in an online fan site for the famous character that compromised the personal information of 3.3 million users. Sanrio Co.âs digital arm said Tuesday, Dec. 22, 2015, that it âcorrectedâ a security vulnerability on the SanrioTown.com website and was carrying out an investigation. The leak was discovered Saturday, Dec. 19, by a security researcher. (AP Photo/Eugene Hoshiko, File) The Associated Press

Article Comments

Article Categories
Business Content Providers Nation and World News

Article Comments

Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.