Crunchyroll, the worldโs most popular anime streaming platform, just suffered a major cybersecurity breach. The incident exposed sensitive data belonging to millions of subscribers. Attackers slipped in through a weak third-party vendor. They grabbed personal information that could fuel phishing scams and identity theft.
Hackers Slip In Through Third-Party Weak Link
The trouble began when cybercriminals compromised Telus Digital, an external service provider tied directly to Crunchyrollโs systems. They planted malware to breach the Okta authentication infrastructure. The intruders spent nearly 24 hours poking around internal tools. Although the company confirmed no passwords were stolen, the attackers walked away with email addresses, usernames, real names, IP addresses, approximate locations, and thousands of customer support tickets. These tickets contained billing details, complaints, and account histories.
Cybersecurity experts warn this type of data proves far more dangerous than leaked passwords. Criminals can now impersonate support staff. They can craft believable scams that reference real user issues. The breach started on March 12. By March 23, hackers claimed they held roughly 6.8 million email records. Pieces of the database soon appeared for sale on underground forums. On April 4, independent checks through Have I Been Pwned verified at least 1.2 million exposed addresses.
Users Urged to Strengthen Accounts Immediately
Crunchyroll insists login credentials stayed secure. The company describes the incident as part of a growing wave of supply-chain attacks that target vendors instead of the main company. Still, the platform urges every user to change passwords, especially those reused across other sites. Users should also enable two-factor authentication through an authenticator app. They should stay alert for suspicious emails or texts about billing or account problems.
The breach serves as a fresh reminder that even the biggest streaming services remain vulnerable when outside partners hold the keys.
