Facebook-f Linkedin-in Instagram Tiktok Youtube
Become An Affiliate
25
Mar

Hacker claims theft of 100 GB of Crunchyroll data | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

0

[ad_1]

A threat actor claims to have obtained 100 GB of confidential user data belonging to Crunchyroll, the well-known anime streaming platform owned by Sony.

The origin of the incident did not occur directly within the company but rather with a third party in India, specifically, its outsourcing provider Telus. The unauthorized access took place on March 12 through the classic ‘supply chain attack.’

According to details shared by the Cyber Digest outlet, the security breach began through a compromised workstation of an employee from this company, which provides customer service operations to Crunchyroll.

The worker unknowingly executed a malicious program, granting the attacker access to the corporate environment. The attacker conducted lateral movements, ultimately gaining entry into internal systems, including the customer service infrastructure and incident management.

The hacker was able to roam freely through the service’s networks for 24 hours before they were disconnected.

Despite the brief duration of presence, the magnitude of the exfiltration suggests a well-prepared operation, likely including automated data collection and rapid preparation techniques to maximize information theft before containment.

The incident coincides with reports related to a broader data leak from Telus Digital, revealed on the same date, in which attackers claimed to have accessed multiple organizations relying on the firm for customer service, data processing through artificial intelligence, and content moderation.

Crunchyroll remains silent

Cyber Digest reviewed a sample of the stolen data, finding IP addresses, email addresses, credit card information, and customer analytics data linked to user behavior.

With all these details in their possession, cybercriminals can commit identity theft, financial fraud, and highly targeted phishing campaigns against Crunchyroll users.

At the time of writing this article, the manga and anime service has not acknowledged the breach nor released an official statement on the matter.

To add more pressure, the threat actor claimed that their attempts to contact the company have been ignored and that no formal notification has been made to users who may be affected.

This year has not been easy for Crunchyroll. Earlier in the year, the company faced a class-action lawsuit for sharing users’ viewing data with third-party marketing platforms without proper consent.

A threat actor claims to have obtained 100 GB of confidential user data belonging to Crunchyroll, the well-known anime streaming platform owned by Sony.

The origin of the incident did not occur directly within the company but rather with a third party in India, specifically, its outsourcing provider Telus. The unauthorized access took place on March 12 through the classic ‘supply chain attack.’

According to details shared by the Cyber Digest outlet, the security breach began through a compromised workstation of an employee from this company, which provides customer service operations to Crunchyroll.

The worker unknowingly executed a malicious program, granting the attacker access to the corporate environment. The attacker conducted lateral movements, ultimately gaining entry into internal systems, including the customer service infrastructure and incident management.

The hacker was able to roam freely through the service’s networks for 24 hours before they were disconnected.

Despite the brief duration of presence, the magnitude of the exfiltration suggests a well-prepared operation, likely including automated data collection and rapid preparation techniques to maximize information theft before containment.

The incident coincides with reports related to a broader data leak from Telus Digital, revealed on the same date, in which attackers claimed to have accessed multiple organizations relying on the firm for customer service, data processing through artificial intelligence, and content moderation.

Crunchyroll remains silent

Cyber Digest reviewed a sample of the stolen data, finding IP addresses, email addresses, credit card information, and customer analytics data linked to user behavior.

With all these details in their possession, cybercriminals can commit identity theft, financial fraud, and highly targeted phishing campaigns against Crunchyroll users.

At the time of writing this article, the manga and anime service has not acknowledged the breach nor released an official statement on the matter.

To add more pressure, the threat actor claimed that their attempts to contact the company have been ignored and that no formal notification has been made to users who may be affected.

This year has not been easy for Crunchyroll. Earlier in the year, the company faced a class-action lawsuit for sharing users’ viewing data with third-party marketing platforms without proper consent.


[ad_2]

——————————————————–


Click Here For The Original Story From This Source.

.........................

Facebook-f Linkedin-in Instagram Tiktok Youtube
Our Products
Company
Other Links

Copyright 2005 – 2025 National Cyber Security

National Cyber Security

FREE
VIEW