The Japanese creator of Hello Kitty said Tuesday an investigation had been launched into a reported flaw in its official fan website that allegedly exposed private information on 3.3 million accounts.
The probe came after US security website CSO warned that it had found online a database containing sensitive customer data — including names, birthdays, email addresses and passwords.
A spokesman for Hello Kitty creator Sanrio said the Hong Kong-based company which independently operates sanriotown.com was probing the reported flaw.
But "we are not aware of any case of actual data leak at this point", he added.
The Hong Kong-based company is 30 percent owned by a Sanrio subsidiary.
Citing researcher Chris Vickery, the US firm's report said hints for questions which users must answer to retrieve passwords for the website were also exposed.
It was unclear if any financial information was breached.
Another Asian toymaker, Hong Kong's VTech Holdings, said late last month that millions of accounts and children's profiles were exposed in a cyber attack on its database.
Hello Kitty, Japan's global icon of cute, has spawned a multi-billion dollar industry since Sanrio introduced the character in 1974.
The character appeared on a coin purse the following year and now features on more than 50,000 products in 130 countries and territories.