A security breach that exposed the details of 3.3 million Hello Kitty fans online has been "corrected", according to the company.
The breach was exposed earlier this week by a security expert, who revealed that millions of people's personal data had been exposed since 22 November. Exposed data included first and last names, gender, country of origin, email address, password hints and answers and unsalted and easily crackable SHA-1 encrypted password hashes.
Sanrio, who owns Hello Kitty, has now said that it has "closed the loophole" and reassured fans that "no information had been stolen". "We investigated the problem and applied fixes, including securing the servers identified as vulnerable," said the company in a blog post.
The firm has reassured users that no information had been stolen or exposed, but did advise changing passwords originally used to access the site. Details of around 180,000 children were included in their user base. "We are conducting an internal investigation and security review into this incident. At this time we have no indication that users’ personal information was stolen by malicious parties," it said.
Hello Kitty is the latest in a long line of companies including VTech, TalkTalk, Wetherspoon and Ashley Madison whose user data has been exposed.
This article was originally published by WIRED UK
