Crunchyroll probes breach after hacker claims to steal 6.8M users' data: “Our investigation is ongoing & we continue to work with leading cybersecurity experts. At this time we believe that the info is primarily limited to customer service ticket data following an incident with a third-party vendor”

Crunchyroll probes breach after hacker claims to steal 6.8M users’ data: “Our investigation is ongoing & we continue to work with leading cybersecurity experts. At this time we believe that the info is primarily limited to customer service ticket data following an incident with a third-party vendor”

by Task_Force-191

Task_Force-191 on March 24, 2026 3:45 am

**Full Statement from Crunchyroll:**

>”Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor,” Crunchyroll shared in a later statement.

> “We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”

Main Excerpt from the Article:

This statement comes after a threat actor contacted BleepingComputer last Thursday and claimed they breached Crunchyroll on March 12th at 9 PM EST, after gaining access to the Okta SSO account of a support agent working for Crunchyroll.

This support agent is allegedly an employee of the Telus International business process outsourcing (BPO) company, who has access to Crunchyroll support tickets. The threat actors claimed to have used malware to infect the agent’s computer and gain access to their credentials.

Using this access, the attackers say they downloaded 8 million support ticket records from Crunchyroll’s Zendesk instance. Of these records, there are allegedly 6.8 million unique email addresses.

Samples of the support tickets seen by BleepingComputer and then deleted contain a wide variety of information, including the Crunchyroll user’s name, login name, email address, IP address, general geographic location, and the contents of the support tickets.

While other reports on the incident claim that credit card information was exposed, BleepingComputer has confirmed that credit card details were exposed only when the customer shared them in the support ticket.

For the most part, this included only basic information, such as the last four digits or expiration dates, and only a few contained full card numbers, according to the threat actor.

The attacker says their access was revoked after 24 hours, letting them steal data up to mid-2025.

The hacker claims to have sent extortion emails to Crunchyroll, demanding $5 million in exchange for not publicly leaking the data, but did not receive a response from the company.

Snow White was released last year this week. The remake of the 1937 animated film grossed $87.2M Dom & 205.7M WW against a $240M+ budget, becoming a huge BO bomb, losing Disney at least $115M. It also received mixed to negative reviews and had generated numerous controversies since pre-release.

BATMAN V SUPERMAN: DAWN OF JUSTICE open 10 years ago this week. It’s the first live-action film to feature Batman and Superman together, as well as the first live-action cinematic portrayal of Wonder Woman. It received mixed reviews and grossed $874 million against $250–325 million budget.

Are studios getting better at marketing non-franchise films?

Trump Says He’s “Glad” Robert Mueller Died, Deploys ICE to Airports & Iran War Has No End in Sight | Jimmy Kimmel Live

3 Comments