Crunchyroll Hacked: 8 Million User Data Leaked

The platform issued a statement only hours after the incident. What data was at risk in Crunchyroll tickets? Tickets that were allegedly hacked and accessed by Bleeping Computer contain sensitive data from some subscribers, including: Crunchyroll username, login name, email address, IP address, general geographic location, and support ticket content. While bank data was also reported to have been leaked, in most cases, only basic information was present, such as the last four digits of cards. Crunchyroll, the streaming platform where very popular animes like 'Jujutsu Kaisen' are located, became the center of conversation, but not because of the premiere of the new 'One Piece' arc, but due to a suspected hack. A group of hackers reported the attack, claiming to specialized cybersecurity portals that they have 8 million support ticket records, which include sensitive data. So far, the platform has not explained what happened or the possible scope, as it confirmed to Bleeping Computer that it is investigating the alleged data leak of its subscribers. What is known about the alleged Crunchyroll hack? After extracting the data, the alleged attackers contacted Bleeping Computer, where they shared that they infected the computer of an external employee with access to Crunchyroll's support tickets. Through malware, they gained access to different platform applications, including Zendesk, software related to customer service, communication, and sales. Bleeping Computer explains that the hackers allegedly used this access to download the 8 million ticket records. The hacker stated that few records included full card numbers. What did Crunchyroll say after the hack threat? After the case became known, Crunchyroll informed that it is already conducting an investigation with cybersecurity experts and indicated that for now, it is believed that the perpetrators only had access to the tickets. 'For now, we believe the information is limited mainly to customer support ticket data following an incident with an external provider,' they told the portal, where they added that there are no records of attackers re-entering their system. 'We have found no signs of continued access to the systems in relation to these claims. Subsequently, they demanded 5 million dollars not to leak the data. Bleeping Computer points out that although the hackers contacted Crunchyroll with their demands, the company did not respond to them. We continue to monitor the situation closely,' they explained, without giving more details about the scope of the cyberattack. So far, Crunchyroll has not posted a statement on its social networks to inform users of what happened and the steps to follow. What to do in case of a possible Crunchyroll hack? Francisco Chávez Trejo, a chemical engineer dedicated to technology known on social networks as Paco Web, recommended that platform users change their passwords in case of a possible security breach. Paco Web points out that if you entered a bank card when subscribing, the ideal thing is to cancel it to avoid fraud; a preventive measure while Crunchyroll clarifies if there was compromised data. The expert added that even if you have already canceled your subscription, you must be careful: 'Platforms store your information, sometimes up to five years after you cancel them. So, anyway, if you have been there, you are at risk,' he said. In the event of a hack, the Pontificia Universidad Católica de Chile also recommends changing passwords, not only for the streaming service, but also for email, social networks, and banking services. The blog of Prey, a security software company, recommends that access passwords be at least 12 characters long and include the four main categories: uppercase, lowercase, numbers, and special characters, as this will make them harder to decipher. The portal adds that the cyberattack occurred on March 12. The attackers also claim they had access to the platform for 24 hours, during which they managed to obtain information up to mid-2025.