Crunchyroll Data Breach Exposes 6.8 Million User Records
Crunchyroll Data Breach Exposes 6.8 Million User Records
Anime streaming giant Crunchyroll has confirmed a significant data breach that compromised the personal information of approximately 6.8 million users. The breach, which occurred in March 2026, involved unauthorized access to the company's customer support system, leading to the exfiltration of sensitive user data.
Details of the Breach
The incident was initiated when attackers infiltrated the computer of a Telus International support agent through malware, gaining access to their Okta Single Sign-On (SSO) account for a 24-hour period. During this time, the perpetrators accessed Crunchyroll's Zendesk system, extracting around 8 million support tickets containing data from 6.8 million unique email addresses. The compromised information includes:
- Usernames
- Login names
- Email addresses
- IP addresses
- Geolocation data
- Content of support tickets
While there is no confirmed evidence that financial data was accessed—except for information users may have shared within support tickets—the attackers also breached other third-party applications, including Slack, Google Workspace Mail, Wizer, and Mixpanel. The hacking group reportedly demanded a $5 million ransom to delete the stolen data; however, Crunchyroll did not respond to the extortion attempt.
Company Response and Ongoing Investigation
Crunchyroll has stated that it is actively investigating the breach in collaboration with cybersecurity experts. The company believes the incident is confined to customer support ticket data accessed via a third-party vendor. A spokesperson for Crunchyroll emphasized their commitment to user security, stating, "We are continuing to monitor the situation closely and are taking all necessary steps to protect our users' information."
Users are advised to remain vigilant by monitoring their accounts for any suspicious activity and to be cautious of potential phishing attempts that may arise from the exposed information.
Implications and Industry Reactions
This breach underscores the vulnerabilities associated with third-party service providers and the importance of robust security measures across all platforms. Cybersecurity experts highlight the need for companies to implement stringent access controls and continuous monitoring to prevent unauthorized access.
As the investigation continues, Crunchyroll has pledged to enhance its security protocols to prevent future incidents and to keep users informed of any developments.
For more detailed information on the breach, you can refer to the following sources: