.png){kind=logo}
Crunchyroll is facing allegations of a data breach, with hackers reporting that 100GB of user data was stolen via third-party access. The incident raises concerns about platform security, though official confirmation and details from the company are still awaited.
The scale of the data extraction shows that the operation may have been carefully planned and executed within a short window.
Crunchyroll, the Sony-owned anime streaming platform, has reportedly suffered a big data breach. A report claimed that the threat actors have extracted around 100GB of sensitive user information. This breach is said to have taken place on March 12, 2026.
The alleged attack is said to have originated via a compromised employee account at Telus, a third-party outsourcing partner that provides business process services. The report also suggests that malware executed on the employee’s system allowed the attacker to gain initial access. It was later used to move across all internal systems linked to Crunchyroll’s operations. Data related to customer support and ticketing tools were also hacked, according to the report.
The attackers have also maintained access to the system for less than 24 hours before being detected and removed. Crunchyroll has not issued an official statement or notified users about the breach.
According to cybersecurity researchers, sensitive information such as IP addresses, email IDs, and credit card details was hacked. If confirmed, this can expose affected users to identity theft, financial fraud, and targeted phishing attacks.
Crunchyroll is facing a class-action lawsuit alleging that it discloses users’ video-viewing data to Braze Inc., a third-party marketing and analytics company, without obtaining proper consent. Lead plaintiff Francisco Cabonios filed the complaint against Crunchyroll in California federal court. The lawsuit focuses on violations of the Video Privacy Protection Act (VPPA).
Also Read: How to Avoid Data Breaches and Protect Your Information Online
As business process outsourcing (BPO) providers handle authentication and billing tools across multiple client environments, they are key targets for threat actors. The alleged Crunchyroll incident highlights how third-party vulnerabilities are becoming a major cybersecurity risk. As digital ecosystems expand, companies must strengthen oversight, while users remain cautious about data sharing and platform security practices.
