Breach Uncovered
Reports began circulating this week concerning a threat actor who claimed to have gained unauthorized access to a significant amount of data belonging to Crunchyroll users. The hacker asserted that they had obtained information pertaining to millions of individuals. In response to these allegations, the streaming service, which was acquired by Sony for $1.18 billion and operates as a joint venture between Sony Pictures Entertainment and Aniplex, initiated an investigation. While acknowledging the ongoing inquiry and their collaboration with cybersecurity experts, the company stated that they had not yet found any evidence of persistent unauthorized access to their systems. This situation raises concerns for the platform's vast user base, which numbers 15 million subscribers globally and boasts a library of over 2,000 titles available in more than 12 languages, underscoring the potential reach of the alleged breach.
Third-Party Vendor Involved
Further details emerged, suggesting that the breach may have originated through a third-party vendor, specifically impacting Crunchyroll's customer support system, Zendesk. Materials shared by International Cyber Digest, an account focused on cybersecurity, indicated that the attacker potentially accessed internal Slack messages and customer support ticket data. It is believed that the hacker gained entry by compromising an employee's account at Telus Digital, a large outsourcing company that manages customer support operations for Crunchyroll. The alleged unauthorized access to customer support ticket data reportedly continued until early 2025, at which point the hacker's access was revoked. It's important to note that this incident is reportedly separate from a recent breach that affected Telus Digital itself, a fact highlighted by the cybersecurity account. Crunchyroll has not provided further comment on whether the third-party vendor in question is indeed its support partner, and Telus Digital has not yet responded to requests for comment regarding the alleged security lapse.
Data Compromised
The extent of the data potentially compromised is substantial, according to claims made by the hacker to BleepingComputer. The attacker alleged the download of approximately eight million support ticket records from Crunchyroll's systems. Within this vast dataset, the hacker claimed to have acquired roughly 6.8 million unique email addresses. However, these claims have not been independently verified at this time. The hacker also detailed their method of entry, stating they initiated access on March 12 by compromising an Okta single sign-on account belonging to a Crunchyroll support agent. This account compromise provided the initial foothold to access the broader support ticket information, raising questions about the security protocols in place for third-party access and employee credentials within the support infrastructure.