Crunchyroll probes breach after hackers claim access to millions of user records, demand $5M

Crunchyroll is looking into what could become one of the largest security incidents for an anime platform in recent memory after hackers claimed they broke into its systems and extracted data tied to millions of users.

The Sony-owned streaming service confirmed it is aware of the situation but stopped short of validating the claims. “We are ‌aware of recent claims and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll told BleepingComputer.

“We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter,” Crunchyroll initially told BleepingComputer.

The claims surfaced after a threat actor reached out to the publication last week, alleging they gained access to Crunchyroll on March 12 at 9 p.m. ET. The entry point, according to the attacker, came through an Okta single sign-on account linked to a support agent.

“Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor,” Crunchyroll shared in a later statement.

That detail matters. The account reportedly belonged to a contractor working through Telus International, a business process outsourcing firm that handles support tickets for Crunchyroll. If accurate, it points to a familiar weak spot: third-party access tied into internal systems.

Inside Crunchyroll  Hack

The attacker says they infected the support agent’s device with malware, then used stolen credentials to move across multiple internal tools. Screenshots shared with BleepingComputer appear to show access to systems such as Zendesk, Google Workspace Mail, Jira Service Management, and Slack.

From there, the scope quickly escalates. The threat actor claims they pulled roughly 8 million support ticket records from Zendesk, including about 6.8 million unique email addresses. Samples reviewed by BleepingComputer and later deleted included user names, login names, email addresses, IP addresses, and general location data.

Crunchyroll’s scale raises the stakes. The platform reported more than 17 million paid subscribers as of March 2025, meaning that a breach of this scale would affect a meaningful portion of its user base if confirmed.

The attackers say their access lasted about 24 hours before being cut off. During that window, they claim to have collected data dating back to mid-2025. They also say they sent extortion emails to Crunchyroll demanding $5 million to keep the data private, but the company has not responded, Reuters reported.

Crunchyroll has not publicly addressed the ransom claim, and Sony did not respond to requests for comment.

There are still open questions. The company has not confirmed whether any data was actually exfiltrated or how many users could be affected. The attacker’s claims, though detailed, remain unverified.

The incident touches more than Crunchyroll alone. The service operates as an add-on channel within Amazon Prime Video in several markets, giving users another way to subscribe and stream through Amazon’s platform. There is no indication that Amazon systems were involved, but the integration adds another layer of attention as the investigation unfolds.

For now, Crunchyroll is in a familiar position, as seen in recent breaches: public claims, partial technical details, and a race to determine what actually happened behind the scenes.

TechStartups first reported on Crunchyroll in October 2020, when Sony was in talks with AT&T to acquire the anime streaming service for more than $1 billion.