Anime streaming platform Crunchyroll has disclosed a data breach involving customer service ticket details due to an incident with a third-party vendor, following claims by a hacker of accessing user data and internal systems.
The platform, acquired by Sony from AT&T in 2020 for $1.18 billion, is a joint venture between Sony Pictures Entertainment in the U.S. and Aniplex in Japan. Crunchyroll hosts over 2,000 titles in more than 12 languages and has 15 million subscribers globally, according to its website.
Claims of a hacker accessing Crunchyroll user data emerged online recently, suggesting data about millions of users was obtained.
Crunchyroll is investigating these claims.
“Our investigation is ongoing, and we continue to work with leading cybersecurity experts,” Crunchyroll stated to TechCrunch, noting no evidence of continuing unauthorized access has been found.
Information shared with TechCrunch by International Cyber Digest, a cybersecurity-focused account, indicates a possible breach of Crunchyroll’s Zendesk support system. Seen screenshots show internal Slack messages and support data purportedly stolen by hacking a Telus Digital employee, which manages customer support for Crunchyroll. The hacker allegedly extracted customer support ticket data until early 2025 when their access was terminated.
This cybersecurity account claims this hack is separate from a recent breach impacting Telus Digital, which the company confirmed last week.
Crunchyroll was unavailable for clarification regarding the third-party vendor relationship with support partner Telus Digital.
Telus Digital did not respond to comment inquiries.
The hacker informed BleepingComputer of downloading approximately eight million support ticket records from Crunchyroll’s systems, including about 6.8 million distinct email addresses, although these claims remain unverified. The hacker stated they gained access on March 12 by compromising an Okta account of a Crunchyroll support agent.