Crunchyroll Investigates Major Data Breach Affecting 6.8 Million Users After BPO Employee Compromise
Key Takeaways
- 6.8 million Crunchyroll users had personal data stolen via compromise of a Telus International BPO support agent's credentials
- Attackers accessed multiple critical systems including Zendesk, Google Workspace, and Slack through a single compromised employee account
- Business process outsourcing companies have become prime targets for threat actors due to their access to customer data and authentication systems across multiple clients
Summary
Popular anime streaming platform Crunchyroll is investigating a significant data breach reportedly affecting approximately 6.8 million users. According to threat actors who contacted BleepingComputer, the breach occurred on March 12th after attackers compromised the Okta SSO account of a support agent employed by Telus International, a business process outsourcing (BPO) company handling Crunchyroll support operations. Using credentials compromised by malware, the attackers gained access to multiple Crunchyroll systems, including Zendesk, Google Workspace, and Slack, and claim to have downloaded 8 million support ticket records containing user personal information.
The stolen data includes names, login credentials, email addresses, IP addresses, geographic locations, and support ticket contents for 6.8 million unique users. While some reports claimed credit card information was exposed, BleepingComputer confirmed that payment details were only compromised when customers voluntarily shared them in support tickets, with most exposure limited to partial information such as the last four digits. The threat actors claim to have demanded $5 million in extortion fees but received no response from Crunchyroll. The attackers maintained access for approximately 24 hours before it was revoked, allowing them to steal data up to mid-2025.
- The incident highlights the security vulnerabilities inherent in outsourcing sensitive support functions, as a single compromised BPO employee can expose millions of users



