Crunchyroll experiences Data Security Breach Affecting Customer Support Information

Anime streaming giant Crunchyroll has revealed a data security incident involving customer service ticket information after a hacker claimed to have gained unauthorized access to user data and internal systems through a third-party vendor.

Crunchyroll’s Ownership and Service Overview

Jointly owned by Sony Pictures Entertainment in the U.S. and Aniplex in Japan, Crunchyroll was purchased from AT&T for $1.18 billion in 2020. The platform offers an extensive collection of over 2,000 anime series across more than twelve languages, serving roughly 15 million subscribers worldwide as of early 2024.

Details Surrounding the Security Breach Claims

This week, an individual surfaced online claiming to have breached Crunchyroll’s systems, allegedly accessing millions of users’ data. The intruder stated they obtained approximately eight million customer support tickets containing about 6.8 million unique email addresses by exploiting an Okta single sign-on account linked to a support agent on March 12.

Company Examination and Response Measures

Crunchyroll confirmed it is actively investigating these claims wiht cybersecurity experts but noted there is currently no evidence indicating ongoing unauthorized access to its systems.The company reaffirmed its dedication to protecting user information while conducting a thorough review of the situation.

The Involvement of Third-Party Providers in the Incident

Cybersecurity analysts suggest that this breach originated via Crunchyroll’s Zendesk-based customer support platform operated by Telus Digital, an outsourced service provider managing their support operations. Leaked screenshots show internal Slack conversations alongside stolen ticket details reportedly acquired through hacking one of Telus Digital’s employees.

The attacker maintained system access until early 2025 when their credentials were revoked. Importantly, this event appears unrelated to another recent security incident involving Telus Digital itself.

The Growing threats Posed by Third-Party Vendor Vulnerabilities

this case underscores increasing concerns about supply chain risks within digital services where external vendors handle critical functions such as customer support or authentication processes. Similar breaches affecting major corporations frequently enough stem from compromised vendor accounts rather than direct attacks on primary platforms.

• A recent industry report found that over 60% of organizations experienced at least one security incident originating from third-party providers within the past year alone.
• The global average cost associated with such breaches now exceeds $4 million due to prolonged detection periods and complex remediation efforts.
• Sectors heavily dependent on outsourced IT services remain especially vulnerable as attackers exploit weaker links beyond core infrastructure defenses.

Key Takeaways for Streaming Platforms and Their Users

The Crunchyroll breach highlights the necessity for streaming services to implement robust multi-layered security strategies not only internally but also across all external partners handling sensitive user data or operational workflows. Meanwhile, subscribers should stay alert against phishing attempts or suspicious messages perhaps triggered by leaked contact information following incidents like this one.