Crunchyroll Data Breach Exposes Millions of User Records
Anime streaming giant Crunchyroll has confirmed a significant data breach involving customer service ticket information, following claims by a hacker of unauthorized access to user data and internal systems.
The breach reportedly stems from an incident with a third-party vendor, potentially compromising sensitive user information. Crunchyroll, acquired by Sony from AT&T in 2020 for $1.18 billion, operates as a joint venture between Sony Pictures Entertainment and Japan-based Aniplex. The platform boasts a vast library of over 2,000 titles in more than 12 languages, serving approximately 15 million subscribers worldwide.
Recent reports indicate that a threat actor claims to have accessed data pertaining to millions of Crunchyroll users. The company has acknowledged these claims and is actively investigating the situation. In a statement to TechCrunch, Crunchyroll emphasized its commitment to security, stating, Our investigation is ongoing, and we continue to work with leading cybersecurity experts. The company also noted that, as of now, there is no evidence of ongoing unauthorized access.
Further insights suggest that the attacker may have infiltrated Crunchyroll’s Zendesk support system. Materials shared with TechCrunch by International Cyber Digest, a cybersecurity-focused account, include screenshots that appear to display internal Slack messages and stolen support data. The breach allegedly occurred through the compromise of an employee at Telus Digital, an outsourcing firm responsible for handling customer support for Crunchyroll. The hacker purportedly accessed customer support ticket data until early 2025, at which point their access was revoked.
It’s important to note that this incident is reportedly separate from a recent breach affecting Telus Digital, which the company confirmed last week. Crunchyroll has not specified whether the third-party vendor involved in the current breach is Telus Digital. Telus Digital has not responded to requests for comments regarding the situation.
The hacker has claimed to have downloaded approximately eight million support ticket records from Crunchyroll’s systems, including around 6.8 million unique email addresses. These claims have not been independently verified. The hacker also stated that access was gained on March 12 by compromising an Okta single sign-on account belonging to a Crunchyroll support agent.
