Crunchyroll, the Sony-owned anime streaming platform, has reportedly suffered a big data breach. This comes after the report claims that the threat actors have extracted nearly 100GB of sensitive user information. This breach is said to have taken place on March 12, 2026. However, the company has not confirmed the breach yet.
SurveyThe alleged attack is said to have originated via a compromised employee account at Telus, a third-party outsourcing partner that provides business process services. The report also suggests that malware executed on the employee’s system allowed the attacker to gain initial access, which was then used to move all over internal systems that were linked to Crunchyroll’s operations, including customer support and ticketing tools.
🚨‼️ BREAKING: Crunchyroll breached through outsourcing partner in India.
— International Cyber Digest (@IntCyberDigest) March 22, 2026
A threat actor exfiltrated data from Crunchyroll's ticketing system and also managed to pull 100 GB of personally identifiable customer analytics data.
We've analyzed sample data and it includes IP… pic.twitter.com/BcxGN1Y2Lv
The report further added that cybersecurity researchers who reviewed a sample of leaked data claim that it has sensitive information such as IP addresses, email IDs, credit card details and customer analytics data. If confirmed, this can expose affected users to risks including identity theft, financial fraud and targeted phishing attacks.
The attackers have also maintained access to the system for less than 24 hours before being detected and removed. However, the scale of the data extraction shows that the operation may have been carefully planned and executed within a short window.
Not only this, there have been multiple security concerns involving Telus Digital, where threat actors have previously claimed to target multiple companies relying on outsourced services for customer support and backend operations. The reports stated that such vendors often become targets due to their access to multiple client systems.
So far, Crunchyroll has not issued an official statement or notified users about the breach. We have reached out to Crunchyroll and will update the story once we get the update.
Follow Us
Ashish Singh
Ashish Singh is the Chief Copy Editor at Digit. He's been wrangling tech jargon since 2020 (Times Internet, Jagran English '22). When not policing commas, he's likely fueling his gadget habit with coffee, strategising his next virtual race, or plotting a road trip to test the latest in-car tech. He speaks fluent Geek. View Full Profile
