Sony-owned anime streaming service Crunchyroll has confirmed it is investigating a data breach after a hacker claimed to have stolen user information. The company stated the incident originated with a third-party vendor that handles customer service, and it is working with cybersecurity experts to investigate the matter.
The attacker alleges they exfiltrated data related to 6.8 million users by downloading approximately 8 million customer support tickets. The compromised information reportedly includes users' names, email addresses, IP addresses, and the content of the support tickets. Crunchyroll noted the breach is primarily limited to this customer service data and that partial credit card details were only exposed if users had included them in their support communications.
According to reports, the hacker gained access after an employee of the outsourcing partner, Telus International, was infected with malware. Crunchyroll has stated it has not identified evidence of ongoing unauthorized access to its systems following the incident.