CP
cyberpings
BreachesHIGH

Crunchyroll Data Breach - 6.8 Million Users Affected

BCBleepingComputer
CrunchyrollOktaZendeskdata breachTelus
🎯

Basically, hackers stole personal information from 6.8 million Crunchyroll users.

Quick Summary

Crunchyroll is facing a serious data breach affecting 6.8 million users. Hackers accessed personal information through a compromised employee account. This incident raises significant privacy concerns for users, urging immediate action to protect their data.

What Happened

Popular anime streaming platform Crunchyroll is currently investigating a significant data breach. Hackers have claimed to have stolen personal information for approximately 6.8 million users. The breach reportedly occurred on March 12th, when attackers accessed the Okta SSO account of a support agent employed by Telus International, a business process outsourcing company. This access allowed them to infiltrate various Crunchyroll applications, including Zendesk and Google Workspace.

The threat actor contacted BleepingComputer, revealing that they used malware to compromise the support agent's computer. This enabled them to obtain credentials that provided access to sensitive data, including 8 million support ticket records. The attackers claim to have downloaded a wealth of information, including user names, email addresses, and geographic locations, raising serious concerns about user privacy.

Who's Affected

The breach impacts a staggering 6.8 million unique email addresses, potentially exposing a vast array of personal information. While the hackers claimed that some credit card details were also accessed, BleepingComputer confirmed that these were only visible when shared in support tickets. Most of the exposed data consists of basic user information, which can still be exploited for various malicious purposes.

The compromised data could be particularly harmful as it includes personal identifiers that can be used for phishing attacks or identity theft. This incident highlights the vulnerabilities inherent in outsourcing customer support operations, especially when they involve sensitive user data.

What Data Was Exposed

The data breach has led to the exposure of a variety of personal information. Users' names, login names, email addresses, IP addresses, and support ticket contents were among the information accessed by the hackers. The attackers claimed that they had access to this data for up to 24 hours before their access was revoked.

While the hackers did not find full credit card numbers in most cases, they did come across partial information, such as the last four digits and expiration dates. This partial data can still pose a risk, as it can be used in combination with other information to facilitate fraud.

What You Should Do

If you are a Crunchyroll user, it's crucial to take immediate action to protect your personal information. Here are some steps you can take:

  • Change your password: Update your Crunchyroll password and any other accounts that use the same credentials.
  • Enable two-factor authentication: If available, enable two-factor authentication for added security.
  • Monitor your accounts: Keep an eye on your email and financial accounts for any suspicious activity.
  • Be cautious of phishing attempts: Be wary of unsolicited emails or messages that ask for personal information.

Crunchyroll is working closely with cybersecurity experts to investigate the breach further and mitigate any potential damage. As this situation develops, users should remain vigilant and proactive in safeguarding their information.

🔒 Pro insight: The breach underscores the risks associated with BPOs, as attackers increasingly target support staff to access sensitive customer data.

Original article from

BleepingComputer · Lawrence Abrams

Read Full Article

Share

Related Pings

HIGHBreaches

Data Breach - Kaplan Affects Over 230,000 Individuals

Kaplan has reported a data breach affecting over 230,000 individuals. Sensitive information, including Social Security numbers, was leaked. This incident raises serious privacy concerns for those impacted. Legal actions are already underway.

The Record·
HIGHBreaches

Lockheed Martin - Breach Allegations by Pro-Iran Hacktivist

Lockheed Martin is facing a serious breach threat from a pro-Iran hacktivist group. They're demanding millions to keep sensitive data safe. This could have major implications for national security.

Cybersecurity Dive·
MEDIUMBreaches

Stryker Cyberattack - Containment and Restoration Update

Stryker confirms a cyberattack has been contained, with restoration efforts in progress. Palo Alto Networks is conducting a forensic investigation to ensure security. This incident highlights the importance of cybersecurity in healthcare.

Cybersecurity Dive·
HIGHBreaches

Data Breaches Expose Millions – March Threat Report

What Happened In the latest threat intelligence report, significant data breaches have come to light. Navia Benefit Solutions, a U.S.-based employee benefits administrator, revealed a breach that affected over 2.6 million individuals. Unauthorized access and potential data exfiltration occurred between December 22, 2025, and January 15, 2026. Personal, health, and benefits data may have been compromised. Additionally, Aura, an

Check Point Research·
HIGHBreaches

Trio-Tech International - Ransomware Attack Leads to Data Leak

Trio-Tech International faced a ransomware attack that led to a significant data leak. This incident has raised concerns about cybersecurity in the semiconductor industry. The company is currently assessing the impact and notifying affected individuals.

The Register Security·
HIGHBreaches

Gaza Missing Persons - Hassan's Story Highlights Crisis

Hassan, a 16-year-old with autism, has gone missing in Gaza, highlighting the plight of thousands unaccounted for. Families are left in despair as they search for answers amid the chaos of war. The lack of forensic technology complicates efforts to identify the missing, raising urgent humanitarian concerns.

Wired Security·