TechCrunch

Crunchyroll confirms data breach after hacker claims unauthorized access | TechCrunch

2026-03-24 · 00:00 UTC ·Jagmeet Singh ·1 min read

Brief

Crunchyroll, the Sony-owned anime streaming service with 15 million subscribers, disclosed a breach tied to customer support data and potentially a third-party support workflow. Reporting indicates the intrusion may have moved through Telus Digital into Zendesk and Slack, with the alleged initial foothold coming from a compromised Okta SSO account. The incident highlights identity and vendor-risk weaknesses more than a direct platform compromise, and key details remain under investigation.

Why it matters

Crunchyroll confirmed a data breach affecting customer service ticket information after a third-party vendor incident; the company said on March 24, 2026 that its investigation is ongoing and it has not found evidence of ongoing unauthorized access.

Key details

  • Evidence reviewed by TechCrunch suggests the attacker accessed Crunchyroll’s Zendesk support system and internal Slack messages by compromising an employee at Telus Digital, the outsourcing firm that handles customer support for Crunchyroll.
  • The hacker claimed to BleepingComputer that they accessed systems on March 12 via a compromised Okta single sign-on account belonging to a Crunchyroll support agent and exfiltrated about 8 million support ticket records, including roughly 6.8 million unique email addresses, though these figures remain unverified.
Source evidence

title: Crunchyroll confirms data breach after hacker claims unauthorized access | TechCrunch
author: Jagmeet Singh
contenttype: article
publication: TechCrunch
published: 2026-03-24T00:00:00
sourceurl: https://techcrunch.com/2026/03/24/crunchyroll-confirms-data-breach-after-hacker-claims-unauthorized-access/

word_count: 326

Anime streaming service Crunchyroll has confirmed a data breach involving customer service ticket information following an incident with a third-party vendor, after a hacker claimed to have accessed user data and internal systems.

The streaming site, which Sony acquired from AT&T in 2020 for $1.18 billion, operates as a joint venture between U.S.-based Sony Pictures Entertainment and Japan-based Aniplex. Crunchyroll has more than 2,000 titles in over 12 languages and serves 15 million subscribers worldwide, per its website.

Reports of a threat actor claiming access to Crunchyroll user data surfaced online this week, with a hacker alleging that they obtained data about millions of users.

Crunchyroll said it is investigating the claims.

“Our investigation is ongoing, and we continue to work with leading cybersecurity experts,” the company said in a statement to TechCrunch, adding that it has not identified evidence of ongoing unauthorized access.

Separately, materials shared with TechCrunch by a cybersecurity-focused account, International Cyber Digest, indicate the attacker may have gained access to Crunchyroll’s Zendesk support system. Screenshots we have seen appear to show the company’s internal Slack messages and stolen support data, apparently stolen by hacking an employee at Telus Digital, an outsourcing giant that handles customer support for Crunchyroll. The hacker allegedly stole customer support ticket data until early 2025, at which point their access was revoked.

The cybersecurity account said the hack was separate from a recent breach affecting Telus Digital, which the company confirmed last week.

Crunchyroll did not respond to a follow-up question about whether the third-party vendor relates to its support partner, Telus Digital.

Telus Digital did not respond to requests for comments.

The hacker told BleepingComputer they had downloaded about eight million support ticket records from Crunchyroll’s systems, including roughly 6.8 million unique email addresses, though the claims have not been independently verified. The hacker also told the publication they gained access on March 12 after compromising an Okta single sign-on account belonging to a Crunchyroll support agent.