Hackers said they breached 6.8M Crunchyroll users’ personal data – Anime giant & cybersecurity experts launch probe

Subscription-based anime streaming giant Crunchyroll has issued a major update amid reports of a massive data breach possibly targeting the personal data of nearly 6.8 million users.

As of March 2025, anime enthusiasts’ go-to platform had a paid subscriber base of over 17 million.

Crunchyroll responds to major hack reports

In an initial statement emailed to The Financial Express Online, a Crunchyroll spokesperson confirmed the banner owned by Sony Group Corporation is “aware of recent claims” and is “working closely with leading cyber security experts to investigate the matter.”

Offering a follow-up update on the reportedly emerging incident, a Crunchyroll spokesperson further affirmed that the investigation was ongoing as the company continues to work in collaboration with leading cybersecurity experts to address the issue.

“At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor,” the Crunchyroll official added in an emailed statement shared with The Financial Express Online. “We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”

Crunchyroll hack: What prompted the viral reports of data breach?

The official statement comes after a “threat actors” approached technology specialist site BleepingComputer last Thursday and claimed they had breached the anime streaming service on March 12 at 9 pm ET.

The purported hackers reportedly extracted 8 million support ticket records from Crunchyroll’s Zendesk platform. 6.8 million of these are said to have been unique email addresses, according to the report.

The report suggested that they had allegedly achieved to do so by gaining access to the Okta SSO account of a support agent working for Crunchyroll.

According to BleepingComputer, the support agent is believed to be an employee of the business process outsourcing (BPO) company Telus International and has access to Crunchyroll support tickets.

As per screenshots of the information forward to BleepingComputer, the threat actors pressed that they targeted the agent’s computer with malware and stole their credentials. These details are said to have granted them access to several Crunchyroll applications, including Slack, Google Workspace Mail, Zendesk and Jira Service Management.

Alleged support tickets viewed by Bleeping Computers highlighted a vast variety of information, including the Crunchyroll user’s name, login name, email address, IP address and general geographic location. The report further indicates that the hackers said their access was revoked after 24 hours. However, by this time, they had managed to steal data tracing back to mid-2025, the attackers told BleepingComputer.

The report also suggested that the hackers sent threatening mails to Crunchyroll, demanding $5 million in exchange of withholding the stolen data. However, they didn’t receive any response from the company, according to BleepingComputer.