The breach was done through an outsourcing partner located in India.
Crunchyroll is investigating reports of a potential security breach, after a hacker claimed to have stolen 100GB of data from the anime streaming service.
In a statement to PCMag, the Sony-owned platform said it is working with cybersecurity experts to verify the claims, noting that such reports are sometimes exaggerated.
The alleged breach is now under investigation
The investigation follows posts from an account called “International Cyber Digest,” which said a hacker had shared screenshots suggesting access to Crunchyroll’s internal systems.
The group also claimed that the data includes sensitive user information such as email addresses, IP addresses, and credit card details, alleging that the breach may have originated from malware executed on a system belonging to an employee of outsourcing partner Telus.
They further revealed that the breach occured on 12 March, 2026.
Crunchyroll has issued another statement through PCMag addressing the alleged breach, saying that the exposed data appears to be limited to customer service ticket information linked to an incident involving a third-party vendor in India.
“At this time, we believe that the information is primarily limited to customer service ticket data… We have not identified evidence of ongoing access to systems in relation to these claims,” the company said, adding that it is continuing to monitor the situation.
Additionally, BleepingComputer reports that the hacker claims to have obtained around 8 million support ticket records, including 6.8 million unique email addresses. The data allegedly includes user names, login names, email addresses, IP addresses, general location data, and the contents of support tickets.