Crunchyroll confirms data breach after hacker claims unauthorized access

Crunchyroll has confirmed a data breach caused by a hacker claiming unauthorized access to customer support information via a third-party vendor, potentially affecting 15 million subscribers and involving 8 million support ticket records. The ongoing investigation has not found ongoing access, and the breach appears linked to Telus Digital’s compromised account.

Key Points

• Crunchyroll confirmed a data breach involving customer service info after unauthorized access by a hacker.
• The breach is linked to a third-party vendor, Telus Digital, which manages customer support for Crunchyroll.
• Approximately 8 million support ticket records were downloaded, including 6.8 million unique email addresses.
• The hacker accessed Crunchyroll systems through a compromised Okta single sign-on account belonging to a support agent.
• Crunchyroll is working with cybersecurity experts to investigate the claims, although no ongoing unauthorized access has been found.

Relevance

• The breach highlights ongoing security vulnerabilities in third-party vendor management, a key concern in 2025 as remote working increases dependency on outsourced services.
• Cybersecurity trends in 2025 emphasize the importance of securing identity management systems like Okta that facilitate access to sensitive data.
• Crunchyroll's incident parallels broader industry challenges related to data privacy and customer trust in the wake of multiple high-profile breaches.

The Crunchyroll data breach underscores the critical need for robust cybersecurity measures, especially when partnering with third-party vendors, reflecting a growing challenge in the digital landscape.