A spokesman for Sanrio in Tokyo said the affair was being investigated by the Hong Kong-based company Sanrio Digital, which is 30 percent owned by a Sanrio subsidiary and which independently operates sanriotown.com.
US security website CSO had warned that it had found online a database containing sensitive customer data - including names, birthdays, email addresses and passwords.
But "the vulnerability has been corrected and investigations are underway", Sanrio Digital said in a statement.
"To our knowledge at this time, no personal information of Sanriotown.com users was stolen or exposed," it said, adding that the vulnerability did not include credit card or other payment information.
The Tokyo spokesman said Sanrio separately operates its own official websites, including online shopping functions, and "has nothing to do with this problem".
Citing researcher Chris Vickery, the US firm said hints for questions which users must answer to retrieve passwords for the website were also exposed.
Another Asian toymaker, Hong Kong's VTech Holdings, said late last month that millions of accounts and children's profiles were exposed in a cyber attack on its database.
Hello Kitty, Japan's global icon of cute, has spawned a multi-billion dollar industry since Sanrio introduced the character in 1974.
It appeared on a coin purse the following year and now features on more than 50,000 products in 130 countries and territories.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.