'We are continuing to monitor the situation closely': Crunchyroll investigating breach which reportedly stole data on 6.8 million users

Anime streaming platform Crunchyroll has confirmed suffering a cyberattack and said it was currently investigating claims of data theft.

A threat actor working for an unknown hacking group recently told BleepingComputer they had infected a support agent’s computer with malware and obtained access to their Okta SSO account for 24 hours.

This agent, apparently working for the Telus International business process outsourcing (BPO) company, had access to Crunchyroll’s support tickets, which the attacker exfiltrated - and accessing Zendesk, they managed to pull eight million support tickets, allegedly containing 6.8 million unique email addresses.

Hundreds of compromised sites

Other data apparently stolen in the attack include people’s usernames, login names, email addresses, IP addresses, general geographic locations, and the contents of the support tickets.

Payment information was not accessed, unless it was shared in the ticket. They were also allowed to access other apps, such as Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jiro Service Management, and Slack.

Crunchyroll has confirmed the incident, and that it is looking into it.

"We are aware of recent claims and are currently working closely with leading cyber security experts to investigate the matter," Crunchyroll said.

"Our investigation is ongoing, and we continue to work with leading cybersecurity experts. At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor.”

"We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely."

The publication claims the hacker tried to extort Crunchyroll for money, demanding $5 million in exchange for deleting the stolen data, but the company did not respond to the offer.