‘We are continuing to monitor the situation closely’: Crunchyroll investigating breach which reportedly stole data on 6.8 million users
- Crunchyroll confirms cyberattack via third-party vendor
- Hacker accessed support agent’s Okta account, exfiltrated 8M tickets with 6.8 million emails
- Attacker demanded $5m ransom; company investigating, payment data not directly compromised
Anime streaming platform Crunchyroll has confirmed suffering a cyberattack and said it was currently investigating claims of data theft.
A threat actor working for an unknown hacking group recently told BleepingComputer they had infected a support agent’s computer with malware and obtained access to their Okta SSO account for 24 hours.
This agent, apparently working for the Telus International business process outsourcing (BPO) company, had access to Crunchyroll’s support tickets, which the attacker exfiltrated – and accessing Zendesk, they managed to pull eight million support tickets, allegedly containing 6.8 million unique email addresses.
Article continues below
Hundreds of compromised sites
Other data apparently stolen in the attack include people’s usernames, login names, email addresses, IP addresses, general geographic locations, and the contents of the support tickets.
Payment information was not accessed, unless it was shared in the ticket. They were also allowed to access other apps, such as Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jiro Service Management, and Slack.
Crunchyroll has confirmed the incident, and that it is looking into it.
“We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter,” Crunchyroll said.
“Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor.”
“We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”
The publication claims the hacker tried to extort Crunchyroll for money, demanding $5 million in exchange for deleting the stolen data, but the company did not respond to the offer.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Crunchyroll confirms cyberattack via third-party vendor Hacker accessed support agent’s Okta account, exfiltrated 8M tickets with 6.8 million emails Attacker demanded $5m ransom; company investigating, payment data not directly compromised Anime streaming platform Crunchyroll has confirmed suffering a cyberattack and said it was currently investigating claims of data theft. A…
