Crunchyroll data breach exposes 1.2 million user email addresses

Key facts: Crunchyroll data breach

• Date occurred: March 1, 2026
• Date discovered: April 1, 2026
• Date reported: April 6, 2026
• Target entity: Crunchyroll
• Source of breach: Compromised third-party support agent account
• Data types: Names, usernames, email addresses, IP addresses, geographic location data, support ticket contents
• Status: Confirmed; reported on April 6, 2026.
• Severity: Medium; exposure of contact details and support history increases phishing and social engineering risks.

What happened in the Crunchyroll data breach?

Crunchyroll (crunchyroll.com), the Sony-owned anime streaming platform, confirmed a significant data breach following the addition of 1.2 million unique email addresses to the Have I Been Pwned database. The incident, first reported on April 6, 2026, originated in March 2026 when an unidentified threat actor compromised a support agent account at Telus International, a third-party service provider. The attacker used malware to capture Okta credentials, allowing them to pivot into internal systems including Zendesk, Slack, and Google Workspace.

This unauthorized access resulted in the exfiltration of approximately 8 million support ticket records containing names, usernames, email addresses, IP addresses, and geographic location data. While the attackers reportedly demanded a $5 million ransom, Crunchyroll declined to pay and stated the intrusion was contained within 24 hours. The medium-severity rating reflects the exposure of sensitive communication history and personal identifiers, which could be leveraged for targeted social engineering or phishing campaigns against the platform's extensive user base. Typical risks following such incidents include increased credential abuse and identity theft attempts.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Crunchyroll customers

For Crunchyroll users, the primary risk involves the exposure of email addresses and support ticket contents. Attackers may use the specific details found in customer support interactions to craft highly convincing phishing emails or social engineering attacks. With geographic data and IP addresses also compromised, affected individuals could face increased risks of credential stuffing or identity-related fraud if the same credentials are used across multiple services.

Typical outcomes of such breaches include a surge in spam and targeted malicious communications. Impacted users should immediately change their account passwords and enable phishing-resistant multi-factor authentication (MFA). It is also advisable to remain vigilant against unexpected emails claiming to be from Crunchyroll support, as transparency regarding the breach helps users take proactive steps to secure their digital identities.

How to protect against similar security incidents

Given the exposure of email addresses and support ticket data at Crunchyroll, users should prioritize securing their accounts against phishing and credential-based attacks.

• Update account credentials. Change your Crunchyroll password immediately and ensure it is unique from other services. Use a password manager to generate and store complex, high-entropy passwords.
• Enable multi-factor authentication. Activate multi-factor authentication (MFA) on your streaming and email accounts. Prefer phishing-resistant methods like hardware security keys or authenticator apps over SMS-based codes.
• Monitor for phishing attempts. Be wary of any unsolicited communications referencing past support tickets or account issues. Verify the sender's email address and avoid clicking links or downloading attachments from unknown sources.
• Implement continuous security monitoring. Use services like Have I Been Pwned to track if your data appears in new breaches. Organizations should deploy attack surface management tools to monitor third-party vendor risks and credential leaks.

Taking these steps promptly can significantly reduce the risk of secondary exploitation following this breach.

Frequently asked questions

What happened in the Crunchyroll security breach?

On April 6, 2026, Crunchyroll (crunchyroll.com) disclosed a security breach. According to initial reports, a threat actor compromised a third-party support agent's credentials to access internal systems, exfiltrating 8 million support ticket records and affecting at least 1.2 million unique email addresses.

When did the Crunchyroll breach occur?

The Crunchyroll breach was publicly reported on April 6, 2026. The initial intrusion is believed to have originated in March 2026 when a third-party service provider's account was compromised.

What data was exposed?

The types of data involved in the Crunchyroll incident include names, usernames, email addresses, IP addresses, geographic location data, and the full contents of customer support interactions.

Is my personal information at risk?

If you interacted with Crunchyroll, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

What steps should companies take after being breached?

Crunchyroll stated they contained the intrusion within 24 hours, secured internal systems, and declined to pay a ransom. The company typically works to notify affected parties, review third-party security protocols, and deploy attack surface management to prevent future incidents.

‍

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.