CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Crunchyroll support agent account compromise leads to 6.8 million user data exposure

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A threat actor claimed responsibility for breaching Crunchyroll on March 12, 2025, by compromising the Okta SSO account of a Telus International support agent via malware. The compromise enabled access to multiple Crunchyroll applications, including Zendesk, Wizer, and Slack, leading to the exfiltration of 8 million support tickets containing data for 6.8 million unique email addresses. The attack targeted a business process outsourcing (BPO) employee with legitimate access to customer support systems. Crunchyroll confirmed the incident and is investigating with cybersecurity experts. The exposed data includes names, email addresses, IP addresses, geographic locations, and support ticket contents, with partial credit card details appearing only when customers included them in tickets. The threat actor demanded $5 million in extortion but received no response from Crunchyroll.

Timeline

  1. 23.03.2026 21:21 1 articles · 1h ago

    Crunchyroll support agent account compromised via malware, leading to 6.8M user data exposure

    On March 12, 2025, a threat actor compromised the Okta SSO account of a Telus International support agent working for Crunchyroll by infecting their computer with malware. Using the stolen credentials, the actor accessed multiple Crunchyroll applications and exfiltrated 8 million Zendesk support tickets containing data for 6.8 million unique email addresses. The breach was detected after the actor attempted extortion demanding $5 million. Access was revoked within 24 hours.

    Show sources
    Open in new tab

Information Snippets

  • Threat actor breached Crunchyroll on March 12, 2025, at 9 PM EST, by infecting a Telus International support agent’s computer with malware to steal Okta SSO credentials.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources

  • Compromised credentials provided access to Crunchyroll applications including Zendesk, Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jiro Service Management, and Slack.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources

  • Attackers exfiltrated 8 million support ticket records from Crunchyroll’s Zendesk instance, containing 6.8 million unique email addresses and associated user data.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources

  • Exposed data includes user names, login names, email addresses, IP addresses, geographic locations, and support ticket contents; credit card details were exposed only if voluntarily shared by users in tickets.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources

  • Threat actor demanded $5 million in extortion but received no response from Crunchyroll; access was reportedly revoked after 24 hours.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources

  • The compromise targeted a Telus International BPO employee with legitimate access to Crunchyroll support systems, demonstrating the risk of third-party access chains.

    First reported: 23.03.2026 21:21
    1 source, 1 article
    Show sources