
Crunchyroll Investigates Data Breach After Hacker Claims 6.8M Records Stolen

Crunchyroll is investigating a security incident after a threat actor claimed to have exfiltrated personal data from approximately 6.8 million users via a compromised support agent account at a third-party BPO provider, Telus International.

Evan Mael
23 March 2026, 21:00

Last updated 23 March 2026, 23:00

SEVERITY: High
EXPLOIT: Unknown
PATCH STATUS: Unavailable
VENDOR: Crunchyroll
AFFECTED: Crunchyroll user accounts, sup...
CATEGORY: News

Key Takeaways

Anime streaming platform Crunchyroll has confirmed it is investigating a potential data breach after a threat actor claimed to have stolen personal information belonging to approximately 6.8 million users.

How the Attack Unfolded

According to the attacker, the breach occurred on March 12 after they used malware to steal credentials from a support agent employed by Telus International, a BPO company handling Crunchyroll customer support. Using the agent's Okta SSO account, they accessed multiple internal platforms including Zendesk, Google Workspace, Slack, and Mixpanel.

What Data Was Exposed

The attackers downloaded approximately 8 million support ticket records from Crunchyroll's Zendesk instance. Of these, roughly 6.8 million contained unique email addresses. Exposed data includes names, usernames, email addresses, IP addresses, geographic locations, and the contents of support tickets.

Credit Card Claims Clarified

Some reports suggested credit card data was stolen. However, card details appear only in cases where users voluntarily included them in the text of their support tickets. The vast majority of such instances involve only partial card information such as the last four digits or expiry dates. A very small number of tickets contained full card numbers, according to the attacker.

Extortion Demand and Crunchyroll's Response

The attacker claims to have sent extortion emails to Crunchyroll demanding $5 million to prevent the stolen data from being publicly leaked. Crunchyroll has not publicly responded to the extortion demand. The company stated it is working with cybersecurity experts to investigate the matter. The attacker's access window lasted approximately 24 hours, limiting the data to records up to mid-2025.

Why BPO Companies Are a Prime Target

BPO companies have increasingly become a vector for attacks on larger organizations. By compromising a single BPO employee, threat actors can potentially access multiple client companies' data simultaneously. Recent incidents have shown attackers using social engineering, insider bribery, and malware to compromise BPO accounts, all leading to data theft or ransomware attacks at the final target companies. This incident is separate from a previously reported breach at Telus Digital itself.

Frequently Asked Questions

Was my Crunchyroll account hacked?
Crunchyroll is investigating the incident. If you have submitted a support ticket, your name, email, IP address and ticket content may have been exposed.

What data was stolen in the Crunchyroll breach?
The attacker claims to have stolen approximately 6.8 million unique email addresses along with associated names, usernames, IP addresses, geographic locations, and support ticket content.

Was credit card information stolen from Crunchyroll?
Card details were only present in tickets where users had voluntarily included them. Most instances involved only partial card data. Very few tickets contained full card numbers.

How did the attacker breach Crunchyroll?
A Telus International BPO employee supporting Crunchyroll had their Okta SSO credentials stolen via malware, giving the attacker access to Zendesk, Slack, Google Workspace, and other internal tools.

What should Crunchyroll users do now?
Users should monitor for phishing emails, change their passwords as a precaution, and watch for unusual account activity. No patch is available as this was a third-party vendor breach.
About the Author

Evan Mael

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.