March 23 (Reuters) – Crunchyroll, a subscription-based anime streaming service, is probing a data breach after hackers claimed to have stolen personal information of nearly 6.8 million people, BleepingComputer reported on Monday. “We are aware of recent claims and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll, owned by Sony […]
Science
Crunchyroll probes breach after hacker steal users data, BleepingComputer reports
Audio By Carbonatix
March 23 (Reuters) – Crunchyroll, a subscription-based anime streaming service, is probing a data breach after hackers claimed to have stolen personal information of nearly 6.8 million people, BleepingComputer reported on Monday.
“We are aware of recent claims and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll, owned by Sony Group Corporation, told technology specialist site BleepingComputer.
The statement came after a threat actor contacted BleepingComputer last Thursday and claimed they breached Crunchyroll on March 12, at 9 p.m. ET, after gaining access to the Okta SSO account of a support agent working for Crunchyroll, the report said.
The support agent is reported to be an employee of Telus International, a business process outsourcing (BPO) company with access to Crunchyroll support tickets, according to BleepingComputer.
Threat actors claim to have infected the agent’s computer with malware to steal their credentials, which, according to screenshots shared with BleepingComputer, granted access to several Crunchyroll applications, including Zendesk, Google Workspace Mail, Jira Service Management and Slack.
According to the report, the attackers claim to have extracted 8 million support ticket records from Crunchyroll’s Zendesk platform, 6.8 million of which are allegedly unique email addresses.
Samples of the support tickets seen by BleepingComputer and then deleted contain a variety of information, including the Crunchyroll user’s name, login name, email address, IP address and general geographic location.
Crunchyroll had a paid member base of over 17 million as of March 2025.
The attackers claim their access was revoked after 24 hours, during which they were able to steal data up to mid-2025, BleepingComputer said. They also allege they sent extortion emails to Crunchyroll demanding $5 million to prevent public release of the stolen data, but received no response from the company.
Both Crunchyroll and parent Sony Group did not immediately respond to Reuters’ requests for comment.
(Reporting by Juby Babu in Mexico City; Editing by Alan Barona)