Crunchyroll probes breach after hacker claims to steal 68M users data

pPayouts King ransomware uses QEMU VMs to bypass endpoint securityppApple account change alerts abused to send phishing emailsppCritical flaw in Protobuf library enables JavaScript code executionppNIST to stop rating nonpriority flaws due to volume increaseppVercel confirms breach as hackers claim to be selling stolen datappApple account change alerts abused to send phishing emailsppNIST to stop rating nonpriority flaws due to volume increaseppEdit convert and sign PDFs fast with this 40 lifetime toolppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppPopular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 68 million peopleppWe are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter Crunchyroll initially told BleepingComputerppOur investigation is ongoing and we continue to work with leading cybersecurity experts At this time we believe that the information is primarily limited to customer service ticket data following an incident with a thirdparty vendor Crunchyroll shared in a later statementppWe have not identified evidence of ongoing access to systems in relation to these claims We are continuing to monitor the situation closelyppThis statement comes after a threat actor contacted BleepingComputer last Thursday and claimed they breached Crunchyroll on March 12th at 9 PM EST after gaining access to the Okta SSO account of a support agent working for CrunchyrollppThis support agent is allegedly an employee of the Telus International business process outsourcing BPO company who has access to Crunchyroll support tickets The threat actors claimed to have used malware to infect the agents computer and gain access to their credentialsppFrom screenshots shared with BleepingComputer these credentials gave access to various Crunchyroll applications including Zendesk Wizer MaestroQA Mixpanel Google Workspace Mail Jiro Service Management and SlackppUsing this access the attackers say they downloaded 8 million support ticket records from Crunchyrolls Zendesk instance Of these records there are allegedly 68 million unique email addressesppSamples of the support tickets seen by BleepingComputer and then deleted contain a wide variety of information including the Crunchyroll users name login name email address IP address general geographic location and the contents of the support ticketsppWhile other reports on the incident claim that credit card information was exposed BleepingComputer has confirmed that credit card details were exposed only when the customer shared them in the support ticketppFor the most part this included only basic information such as the last four digits or expiration dates and only a few contained full card numbers according to the threat actorppThe support tickets seen by BleepingComputer all reference Telus supporting the threat actors claim that they compromised a BPO employeeppThe attacker says their access was revoked after 24 hours letting them steal data up to mid2025ppThe hacker claims to have sent extortion emails to Crunchyroll demanding 5 million in exchange for not publicly leaking the data but did not receive a response from the companyppWhile this attack targeted a Telus employee BleepingComputer was told it was not related to the massive breach at Telus Digital by the ShinyHunters extortion gangppBusiness process outsourcing companies have become highvalue targets for threat actors over the past few years as they often handle customer support billing and internal authentication systems for multiple companiesppAs a result threat actors can compromise a single BPO employee and gain access to large amounts of customer and corporate data across multiple companiesppIn the past year threat actors have exploited BPOs by bribing insiders with legitimate access social engineering support staff into granting unauthorized access and compromising BPO employee accounts to reach internal systemsppIn one of the most prominent cases attackers posed as an employee and convinced a Cognizant help desk support agent to grant them access to a Clorox employee account allowing them to breach the companys networkppMajor retailers also confirmed that social engineering attacks against support personnel enabled ransomware and data theft attacksppMarks Spencer confirmed that attackers used social engineering to breach its networks while Coop disclosed data theft following a ransomware attack that similarly abused support staffs accessppIn response to the attacks on MS and Coop retail companies the UK government issued guidance on social engineering attacks against help desks and BPOsppIn some cases hackers target the BPO employee accounts themselves to gain access to the customer data they manageppIn October Discord disclosed a data breach that allegedly exposed data from 55 million unique users after its Zendesk support system instance was compromisedppUpdate 32325 751 PM ET Updated story with additional statement from CrunchyrollppAI chained four zerodays into one exploit that bypassed both renderer and OS sandboxes A wave of new exploits is comingppAt the Autonomous Validation Summit May 12 14 see how autonomous contextrich validation finds whats exploitable proves controls hold and closes the remediation loopppHims Hers warns of data breach after Zendesk support ticket breachppTelus Digital confirms breach after hacker claims 1 petabyte data theftppVercel confirms breach as hackers claim to be selling stolen datappAmtrak resets user passwords after Guest Rewards data breachppCisco says critical Webex Services flaw requires customer actionppNot a member yet Register NowppVercel confirms breach as hackers claim to be selling stolen datappRecently leaked Windows zerodays now exploited in attacksppMicrosoft Some Windows servers enter reboot loops after April patchesppRead this new guide to AI adoption for IT and security teams before investing in AI tools ppAI is a databreach time bomb Read the new reportppNAKIVO Backup Replication v112 brings realtime replication and ransomware resilience See the full releaseppFrom vehicle research to cyber defense NMFTA leads with cybersecurity research threat insights and practical resources Learn MoreppOverdue a password healthcheck Audit your Active Directory for freeppCredit card fraud is getting more structured are you monitoring the sourcesppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2026 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp