Identity Theft in the ‘Hidden Leaf’: Crunchyroll Confirms...
Identity Theft in the ‘Hidden Leaf’: Crunchyroll Confirms 6.8 Million Users Impacted by Support Vendor Breach
SAN FRANCISCO — The world’s largest anime streaming platform, Crunchyroll, has officially confirmed a significant data breach affecting approximately 6.8 million users. The company revealed on Monday evening that the incident was not a direct hit on their own servers, but rather a "supply chain" compromise originating from a third-party customer support vendor.
The breach, which reportedly occurred on 12th March 2026, has seen nearly 100GB of data exfiltrated and circulated in underground hacker forums. While Crunchyroll initially described the incident as "alleged," a spokesperson for the Sony-owned streamer confirmed Tuesday that the leaked datasets are legitimate.
The "Weakest Link": How the Breach Occurred
According to forensic reports from BleepingComputer and Cybernews, the intrusion began when a threat actor successfully targeted an employee at Telus International, a business process outsourcing (BPO) firm based in India that handles Crunchyroll’s customer support tickets.
The attacker reportedly used an "infostealer" malware to capture the employee’s Okta login credentials. Within a 24-hour window, the hacker gained lateral access to Crunchyroll’s internal support and analytics tools, including:
-
Zendesk: Where roughly 8 million support tickets were downloaded.
-
Slack & Google Workspace: Used for internal team communications.
-
MaestroQA & Mixpanel: Analytics tools containing user behavior data.
What Data Was Stolen?
The exfiltrated data is primarily comprised of information shared during customer service interactions. While full credit card numbers are stored on separate, more secure billing systems, any financial details typed into a support chat, such as the last four digits of a card or an expiration date—are now in the hands of bad actors.
Compromised User Information
| Data Category | Status | Risk Level |
| Email Addresses | Confirmed (6.8M Unique) | High (Phishing/Credential Stuffing) |
| IP Addresses | Confirmed | Medium (Geographic Targeting) |
| Usernames/Full Names | Confirmed | Medium (Social Engineering) |
| Support Transcripts | Confirmed | High (Identity Correlation) |
| Full Credit Card Info | Not Identified | Low (Encrypted separately) |
“At this time, we believe that the information is primarily limited to customer service ticket data,” a Crunchyroll spokesperson stated. “We have not identified evidence of ongoing access to systems, and the unauthorized access was revoked within 24 hours of detection.”
A $5 Million Ransom Demand
The threat actor, who is believed to be affiliated with the notorious ShinyHunters group, the same collective that recently claimed to have siphoned 700TB of data from Telus—reportedly reached out to Crunchyroll with a $5 million ransom demand.
When the streaming giant failed to respond, the hacker began leaking sample "proof" data on social media and dark web forums under the title "Crunchyroll email and IP." Security analysts at SOCRadar noted that while the samples show "masked" data, they appear to be authentic fragments of a massive user database.
The "Gag City" of Cybercrime
This incident highlights a growing trend in 2026: Identity-centric breaches. Rather than brute-forcing a firewall, hackers are increasingly "walking through the front door" by stealing the digital identities of third-party contractors who have privileged access to several major platforms at once.
“Vendor questionnaires and security certifications don’t prevent this,” noted one security researcher on a popular cybersecurity forum. “The issue is visibility. If a support agent can pull 100GB of data in 24 hours without an alert going off, the system is broken.”
What Should Users Do?
Crunchyroll is advising all subscribers to remain vigilant. Because email addresses were the primary target, users should expect a surge in sophisticated phishing emails designed to look like official Crunchyroll communications.
Immediate Safety Steps:
-
Reset Passwords: Change your Crunchyroll password and any other accounts that share the same credentials.
-
Enable MFA: Ensure Multi-Factor Authentication is active on your primary email and streaming accounts.
-
Monitor Bank Statements: Look for small, unusual "test" charges if you have interacted with support regarding billing in the last year.
As of Wednesday morning, Crunchyroll’s investigation remains active alongside federal cybersecurity experts. The company has not yet confirmed if it will provide free credit monitoring services to the millions of affected "nakama" worldwide.
