Hackers claim they hacked Crunchyroll and stole personal information of 6.8 million users; Crunchyroll has launched an investigation into the data breach.
Hackers claim to have stolen personal information from 6.8 million users of
Crunchyroll probes breach after hacker claims to steal 6.8M users' data
https://www.bleepingcomputer.com/news/security/crunchyroll-probes-breach-after-hacker-claims-to-steal-68m-users-data/
On March 19, 2026, a threat actor contacted the security media outlet BleepingComputer, claiming that they had gained unauthorized access to Crunchyroll's systems at 9 PM on March 12 after accessing an Okta account used by a Crunchyroll support staff member.
The person used for the unauthorized access is believed to be an employee of Telus International, a business process outsourcing (BPO) company, who has access to Crunchyroll support tickets (consultation forms with reference numbers for sending inquiries to support desks). The threat actor explained that they infected the support staff member's device with malware and stole their authentication credentials.
Screenshots provided to BleepingComputer by the threat actor revealed that the stolen credentials allowed Crunchyroll to access applications it uses internally, such as Zendesk, Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jiro Service Management, and Slack.
The threat actor claims to have used these credentials to download 8 million support tickets from Crunchyroll's Zendesk instance. These records reportedly include 6.8 million email addresses.
BleepingComputer was provided with sample support tickets from threat actors, which apparently contained a wide variety of information, including the user's name, account name, email address, IP address, geographical location, and the content of the support ticket.
While some reports on this cybersecurity incident mention that users' credit card information was leaked, BleepingComputer points out that 'credit card information was only leaked when customers shared their credit card information in support tickets.'
Furthermore, threat actors explained to BleepingComputer that even when credit card information is included, in most cases it only contains basic information such as the last four digits or the expiration date, and cases where the entire credit card number is included are very rare.
BleepingComputer confirmed that all of the 'support tickets stolen by the threat actor' were related to Telus International. Therefore, BleepingComputer reported that this 'supports the claim that the threat actor compromised Telus International employees.'
The threat actors claim they gained unauthorized access to Crunchyroll, but were unable to access it within 24 hours, although they managed to steal data up to mid-2025. The threat actors reportedly sent blackmail emails to Crunchyroll demanding a ransom of $5 million (approximately 793 million yen) in exchange for not releasing the data. However, as of the time of writing, Crunchyroll has not responded.
Additionally, another threat actor called ShinyHunters has also
Crunchyroll told BleepingComputer, 'We are aware of the recent allegations (that hacker Crunchyroll stole personal information from us) and we are currently working closely with leading cybersecurity experts to investigate the matter.'
Crunchyroll subsequently issued a statement saying, 'The investigation is still ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the leaked information is primarily limited to customer service ticket data related to incidents with third-party vendors. We have not found any evidence of continued access to the systems in connection with these allegations. We will continue to closely monitor the situation.'
Because BPO companies often handle customer support, billing, and internal authentication systems for multiple companies, they have become highly valuable targets for cybercriminals in recent years.
Related Posts:
