Anime streaming big Crunchyroll has reportedly suffered a large cybersecurity breach, compromising over 100 GB of extremely delicate buyer knowledge, leaving hundreds of thousands of subscribers susceptible to fraud and identification theft.
The safety breach occurred on March 12, 2026, when an worker working for Telus Digital, Crunchyroll’s enterprise course of outsourcing accomplice positioned in India, was efficiently tricked by an electronic mail containing hidden malware.
Upon executing the malicious software program, the hacker (risk actor) stole the sufferer’s Okta credentials and gained direct, unrestricted entry to Crunchyroll’s inside community setting.
As soon as inside the corporate’s digital infrastructure, the attacker particularly focused the anime streamer’s inside ticketing system and buyer analytics databases.
The platform detected the intrusion and revoked their entry after 24 hours. Nevertheless, regardless of the comparatively quick window of alternative, the risk actor managed to exfiltrate 100 GB of personally identifiable data.
Cyber Digest analyzed a pattern of the stolen dataset, confirming it contains person IP addresses, electronic mail addresses, bank card particulars and different delicate data.
This publicity places affected subscribers at extreme threat of economic fraud, focused phishing assaults, and identification theft.
Regardless of the severity of the information theft, Crunchyroll is reportedly ignoring all direct communications from the hackers and nonetheless has not publicly disclosed the breach to its subscriber base.
In the meantime, Canadian telecommunications big Telus confirmed on March 12 that its digital providers arm suffered a extreme multi-month safety incident. ShinyHunters claimed accountability for the Telus breach, alleging the theft of practically 1 petabyte of company knowledge associated to buyer help and content material moderation operations.
Nevertheless, it stays formally unconfirmed if the Crunchyroll intrusion is instantly related to the ShinyHunters marketing campaign, particularly contemplating Telus was additionally rumored to be a sufferer of a separate cybersecurity assault earlier in January.
That is the second time the favored streaming service has suffered a major knowledge breach affecting its person base. In January 2025, a large leak of premium Crunchyroll login particulars and passwords surfaced on-line.
This newest safety catastrophe arrives at an exceptionally dangerous time for the Sony-owned platform. Simply weeks previous to this hacking incident, Crunchyroll was hit with a significant class-action lawsuit for allegedly violating the Video Privateness Safety Act by secretly sharing its customers’ viewing habits with a third-party advertising and marketing firm.
This authorized conundrum follows a virtually similar one in 2023 the place the corporate was pressured right into a USD 16 million settlement over related privateness violations, portray a constantly troubling image of how the service handles its viewers’ digital footprint.
