Data leak at Wakanim
Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.
- Victim
- Wakanim
On 20 December 2024, Wakanim β the French anime streaming service (part of the Crunchyroll group) β was named among the victims of a sprawling data exposure first reported by Cybernews researchers. Wakanim itself was not freshly hacked here: its user records appeared as one corpus inside a publicly reachable, unsecured database left open by an unidentified actor dubbed a "mysterious data hoarder."
The exposure stemmed from a misconfigured ElasticSearch instance accessible over the internet without any authentication. The roughly 30 GB store held about 95 million records, corresponding to an estimated 68 million distinct identities, compiled from 17 earlier breaches affecting French organisations including Darty, Discord, Go-Sport, Intersport, LDLC, SFR, Snapchat, Shadow and Wakanim.
Exposed data categories across the aggregated dataset included:
- Full names (first and last)
- Email addresses and usernames
- Postal/home addresses
- Phone numbers
- IP addresses
Because the trove combined many prior leaks, the count attributable to Wakanim alone is not isolated in the sources. The identity and motive of the hoarder remain unknown, and no confirmed remediation timeline for Wakanim records has been published, so the incident's status is unclear.
Sources
- cybernews.comhttps://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/
- incyber.orghttps://incyber.org/en/article/massive-database-of-french-internet-users-leaked-online/
- oodaloop.comhttps://oodaloop.com/briefs/cyber/over-90-million-french-records-exposed-mysterious-data-hoarder-leaves-instances-open/