Home / Technology / Crunchyroll Investigates Massive Data Leak via Support Breach
Crunchyroll Investigates Massive Data Leak via Support Breach
24 Mar
Summary
- Nearly 7 million user records were allegedly compromised.
- A third-party vendor's systems were exploited for access.
- Personal data, not credit card details, was reportedly stolen.
Popular anime streaming service Crunchyroll is investigating claims of a major data breach. A hacker asserts they stole personal data belonging to 6.8 million users by exploiting vulnerabilities at a third-party company, Telus International, which handles customer support.
The alleged breach occurred on March 12, with the hacker claiming to have infected a customer support agent's computer. This allowed access to employee credentials, leading to unauthorized entry into various third-party services used by Crunchyroll, including Zendesk and Google Workspace. Within a 24-hour period, the hacker reportedly downloaded 8 million support ticket records.
While direct credit card information was not taken, the stolen data includes full names, usernames, email addresses, IP addresses, and general geographic locations. Any financial details, such as the last four digits of a credit card or its expiration date, that were included in support tickets are also believed to be compromised.
The hacker has reportedly demanded a $5 million ransom, but Crunchyroll has not yet responded to this demand. This incident has also been flagged on hacker forums, with reports of 100GB of data being stolen.
