LmCast :: Stay tuned in

Crunchyroll probes breach after hacker claims to steal 6.8M users' data

Recorded: March 24, 2026, 2:22 a.m.


By Lawrence Abrams

March 23, 2026
03:21 PM

Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people.
"We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter," Crunchyroll initially told BleepingComputer.
"Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor," Crunchyroll shared in a later statement.
"We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely."
This statement comes after a threat actor contacted BleepingComputer last Thursday and claimed they breached Crunchyroll on March 12th at 9 PM EST, after gaining access to the Okta SSO account of a support agent working for Crunchyroll.
This support agent is allegedly an employee of the Telus International business process outsourcing (BPO) company, who has access to Crunchyroll support tickets. The threat actors claimed to have used malware to infect the agent's computer and gain access to their credentials.
From screenshots shared with BleepingComputer, these credentials gave access to various Crunchyroll applications, including Zendesk, Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jira Service Management, and Slack.
Using this access, the attackers say they downloaded 8 million support ticket records from Crunchyroll's Zendesk instance. Of these records, there are allegedly 6.8 million unique email addresses.
Samples of the support tickets seen by BleepingComputer and then deleted contain a wide variety of information, including the Crunchyroll user's name, login name, email address, IP address, general geographic location, and the contents of the support tickets.
While other reports on the incident claim that credit card information was exposed, BleepingComputer has confirmed that credit card details were exposed only when the customer shared them in the support ticket.
For the most part, this included only basic information, such as the last four digits or expiration dates, and only a few contained full card numbers, according to the threat actor.
The support tickets seen by BleepingComputer all reference Telus, supporting the threat actor's claim that they compromised a BPO employee.
The attacker says their access was revoked after 24 hours, letting them steal data up to mid-2025.
The hacker claims to have sent extortion emails to Crunchyroll, demanding $5 million in exchange for not publicly leaking the data, but did not receive a response from the company.
While this attack targeted a Telus employee, BleepingComputer was told it was not related to the massive breach at Telus Digital by the ShinyHunters extortion gang.

BPOs are a high-value target

Business process outsourcing companies have become high-value targets for threat actors over the past few years, as they often handle customer support, billing, and internal authentication systems for multiple companies.
As a result, threat actors can compromise a single BPO employee and gain access to large amounts of customer and corporate data across multiple companies.
In the past year, threat actors have exploited BPOs by bribing insiders with legitimate access, social engineering support staff into granting unauthorized access, and compromising BPO employee accounts to reach internal systems.
In one of the most prominent cases, attackers posed as an employee and convinced a Cognizant help desk support agent to grant them access to a Clorox employee account, allowing them to breach the company's network.
Major retailers also confirmed that social engineering attacks against support personnel enabled ransomware and data theft attacks.
Marks & Spencer confirmed that attackers used social engineering to breach its networks, while Co-op disclosed data theft following a ransomware attack that similarly abused support staff's access.
In response to the attacks on M&S and Co-op retail companies, the U.K. government issued guidance on social engineering attacks against help desks and BPOs.
In some cases, hackers target the BPO employee accounts themselves to gain access to the customer data they manage.
In October, Discord disclosed a data breach that allegedly exposed data from 5.5 million unique users after its Zendesk support system instance was compromised.
Update 3/23/25 7:51 PM ET: Updated story with additional statement from Crunchyroll.


Crunchyroll is investigating a data breach after a hacker claimed to have accessed and stolen personal data for approximately 6.8 million users. According to the hacker, the incident began with access to the Okta Single Sign-On (SSO) account of a support agent employed by Telus International, a business process outsourcing (BPO) company that provides customer support services for Crunchyroll. The attacker says they used malware to infect the agent’s computer and obtain credentials that gave access to a range of Crunchyroll applications, including Zendesk, Wizer, MaestroQA, Mixpanel, Google Workspace Mail, and Jira Service Management. Using this access, the hacker says they downloaded 8 million support ticket records from Crunchyroll’s Zendesk instance, which allegedly contain 6.8 million unique email addresses.

The support ticket samples contained detailed information about Crunchyroll users, including their names, login names, email addresses, IP addresses, general geographic locations, and the contents of the support tickets themselves. While other reports claimed that credit card information was exposed, BleepingComputer confirmed that card details appeared only where customers had shared them in a support ticket; according to the threat actor, this was mostly the last four digits or expiration dates, with only a few tickets containing full card numbers. The attacker says their access was revoked after 24 hours, letting them take data up to mid-2025. The hacker claims to have sent extortion emails demanding $5 million from Crunchyroll in exchange for not releasing the data, but received no response.

This breach highlights the risks associated with relying on BPO companies for critical customer support functions. It shows the exposure that arises when customer-facing support personnel have broad access to internal systems and data, and it reinforces broader concerns about the outsourcing industry, where one compromised employee account can affect many organizations. By the threat actor's account, the attack combined malware on the agent's computer with the stolen SSO credentials. BleepingComputer was told that this attack was not related to the massive breach at Telus Digital by the ShinyHunters extortion gang.