Crunchyroll is facing a serious investigation regarding a potential data breach that has compromised the personal information of approximately 6.8 million users. This incident reportedly stemmed from vulnerabilities at Telus International, a third-party company that handles customer support for Crunchyroll.
The breach, said to have occurred on March 12, allowed a hacker to access sensitive data after infecting an employee's computer with malware. This led to the acquisition of Okta login credentials, enabling further access to Crunchyroll's accounts with various third-party services, including Zendesk and Google Workspace Mail. In total, the hacker managed to download 8 million support ticket records during their brief access.
Details of the stolen information include full names, usernames, email addresses, and IP addresses, although no credit card numbers were reportedly compromised. However, if any card details were mentioned in support tickets, those specific bits of information could be included in the breach. The hacker has also demanded a ransom of $5 million from Crunchyroll but claims they have not received any response.