Last mentioned: Mar 24, 2026
Public Confirmation
Crunchyroll confirms it is investigating the breach claims with leading cybersecurity experts.
Public Investigation
Crunchyroll officially confirms it is probing the breach claims with cybersecurity experts.
Ransom Demand
The threat actor contacts BleepingComputer and claims to have sent a $5 million extortion demand to Crunchyroll.
Extortion Attempt
Threat actors contact BleepingComputer and claim to have sent a $5M ransom demand to Crunchyroll.
Access Revoked
Crunchyroll revokes the compromised credentials after a 24-hour window of unauthorized access.
Access Revoked
Crunchyroll or Telus identifies the intrusion and revokes the compromised credentials after 24 hours.
Initial Breach
Threat actor gains access to Crunchyroll systems via a Telus International agent's Okta account at 9 p.m. ET.
Initial Breach
Hackers infect a Telus International agent's PC and steal Okta credentials at 9 p.m. ET.
Sony-owned streaming giant Crunchyroll is investigating a significant data breach after hackers allegedly stole 8 million support tickets containing personal data for 6.8 million unique users. The breach originated from a compromised third-party support agent at Telus International, highlighting ongoing vulnerabilities in the global supply chain.
Crunchyroll is investigating a significant data breach after hackers allegedly accessed 6.8 million unique user records through a compromised third-party support agent. The breach, which targeted a Telus International employee's Okta credentials, exposed support tickets containing personal details and geographic data.