· 7 comments · Save ·
Announcements Mar 24, 2026 at 3:44 AM

Crunchyroll probes breach after hacker claims to steal 6.8M users' data: “Our investigation is ongoing & we continue to work with leading cybersecurity experts. At this time we believe that the info is primarily limited to customer service ticket data following an incident with a third-party vendor”

Posted by Task_Force-191

https://www.bleepingcomputer.com/news/security/crunchyroll-probes-breach-after-hacker-claims-to-steal-68m-users-data
🚩 Report this post

7 Comments

Sign in to comment — or just click the box below.
🔒 Your email is never shown publicly.
SaltyMeatBoy Mar 24, 2026 +15
“At this time we believe it’s limited to—” “Our investigation is ongoing—“ Whatever bro. Anyone who trusts this company again, let alone pays them, is a moron.
15
Kitagawasans Mar 24, 2026 +5
Didn’t they just sign a deal with a certain AI company that’s from a certain country which is known for infiltrating private companies and disregarding security measures, definitely not suspicious.
5
LollipopChainsawZz Mar 24, 2026 +7
So that's why my account was hacked. I don't even use much and I'm not subbed. But I got like 4 separate notifications that 4 different people hacked it and even linked it to a fire stick lol
7
Task_Force-191 Mar 24, 2026 +1
**Full Statement from Crunchyroll:** >"Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor," Crunchyroll shared in a later statement. > "We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely." Main Excerpt from the Article: This statement comes after a threat actor contacted BleepingComputer last Thursday and claimed they breached Crunchyroll on March 12th at 9 PM EST, after gaining access to the Okta SSO account of a support agent working for Crunchyroll. This support agent is allegedly an employee of the Telus International business process outsourcing (BPO) company, who has access to Crunchyroll support tickets. The threat actors claimed to have used malware to infect the agent's computer and gain access to their credentials. Using this access, the attackers say they downloaded 8 million support ticket records from Crunchyroll's Zendesk instance. Of these records, there are allegedly 6.8 million unique email addresses. Samples of the support tickets seen by BleepingComputer and then deleted contain a wide variety of information, including the Crunchyroll user's name, login name, email address, IP address, general geographic location, and the contents of the support tickets. While other reports on the incident claim that credit card information was exposed, BleepingComputer has confirmed that credit card details were exposed only when the customer shared them in the support ticket. For the most part, this included only basic information, such as the last four digits or expiration dates, and only a few contained full card numbers, according to the threat actor. The attacker says their access was revoked after 24 hours, letting them steal data up to mid-2025. The hacker claims to have sent extortion emails to Crunchyroll, demanding $5 million in exchange for not publicly leaking the data, but did not receive a response from the company.
1
crossedstaves Mar 24, 2026 +6
Wow... That hacker actually was thinking they'd pay $5 million to stop the realease of that? That seems incredibly foolish.  What company has ever been concerned enough about a customer data breach to do anything other than make a statement and send an email? And that's when it's an actual database of customer information and not just an assortment of support tickets that might have something particularly sensitive. It just wasn't ever going to happen
6
Virtual-Nose7777 Mar 24, 2026 +1
Top people are working on it.
1
Maultaschenman Mar 24, 2026 +1
Yet they refuse to add 2FA
1
← Back to Board