Anime streaming service Crunchyroll has confirmed a data breach involving customer support ticket data following an incident with a third-party vendor, after a hacker claimed to have accessed person knowledge and inner programs.
The streaming website, which Sony acquired from AT&T in 2020 for $1.18 billion, operates as a three way partnership between U.S.-based Sony Footage Leisure and Japan-based Aniplex. Crunchyroll has greater than 2,000 titles in over 12 languages and serves 15 million subscribers worldwide, per its web site.
Experiences of a menace actor claiming entry to Crunchyroll person knowledge surfaced on-line this week, with a hacker alleging that they obtained knowledge about tens of millions of customers.
Crunchyroll stated it’s investigating the claims.
“Our investigation is ongoing, and we proceed to work with main cybersecurity specialists,” the corporate stated in an announcement to information.killnetswitch, including that it has not recognized proof of ongoing unauthorized entry.
Individually, supplies shared with information.killnetswitch by a cybersecurity-focused account, Worldwide Cyber Digest, point out the attacker could have gained entry to Crunchyroll’s Zendesk help system. Screenshots we have now seen seem to indicate the corporate’s inner Slack messages and stolen help knowledge, apparently stolen by hacking an worker at Telus Digital, an outsourcing large that handles buyer help for Crunchyroll. The hacker allegedly stole buyer help ticket knowledge till early 2025, at which level their entry was revoked.
The cybersecurity account stated the hack was separate from a latest breach affecting Telus Digital, which the corporate confirmed final week.
Crunchyroll didn’t reply to a follow-up query about whether or not the third-party vendor pertains to its help accomplice, Telus Digital.
Telus Digital didn’t reply to requests for feedback.
The hacker advised BleepingComputer they’d downloaded about eight million help ticket data from Crunchyroll’s programs, together with roughly 6.8 million distinctive electronic mail addresses, although the claims haven’t been independently verified. The hacker additionally advised the publication they gained entry on March 12 after compromising an Okta single sign-on account belonging to a Crunchyroll help agent.
