Leak at Crunchyroll
On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.
- Victim
- Crunchyroll
On 24 March 2026, Crunchyroll — the Sony-owned anime streaming platform — confirmed a data breach affecting its customer support operations. The intrusion was not a direct compromise of Crunchyroll's core systems but a supply-chain incident: attackers gained access through Telus Digital, the third-party vendor that runs Crunchyroll's customer support.
The breach originated on 12 March 2026, when an attacker compromised an Okta single sign-on account belonging to a Crunchyroll support agent working for Telus — reportedly via a phishing email and malware on the agent's workstation. With that access, the attacker reached Crunchyroll's Zendesk support system and exfiltrated support-ticket data before the access was revoked, roughly 24 hours later.
Data reported exposed (drawn from support tickets) includes:
- First and last names
- Email addresses
- IP addresses and general geographic location
- Support-ticket contents
- Partial payment-card details (e.g. last four digits, expiry dates), with full card numbers only in rare cases
The threat actor — linked in reporting to the ShinyHunters group — claimed to have stolen around 100 GB of data, approximately 8 million support-ticket records and about 6.8 million unique email addresses; these figures are the attacker's claims and remain unverified. A reported $5 million ransom demand went unanswered. Crunchyroll said it cut off the unauthorized access, has found no evidence of ongoing intrusion, and is working with external cybersecurity experts; a class-action lawsuit has since been filed in the United States.
Sources
- tomsguide.frhttps://www.tomsguide.fr/piratage-de-crunchyroll-des-cartes-bancaires-de-clients-seraient-compromises/
- techcrunch.comhttps://techcrunch.com/2026/03/24/crunchyroll-confirms-data-breach-after-hacker-claims-unauthorized-access/
- upguard.comhttps://www.upguard.com/news/crunchyroll-data-breach-2026-04-07
- classaction.orghttps://www.classaction.org/news/crunchyroll-failed-to-prevent-march-2026-data-breach-class-action-lawsuit-alleges