Crunchyroll, the global anime streaming giant owned by Sony and Aniplex, has confirmed a data breach affecting customer service ticket information. The incident, first reported by a hacker claiming unauthorized access, appears to stem from a vulnerability within a third-party vendor, specifically Telus Digital, an outsourcing company handling Crunchyroll’s customer support.
Breach Details and Scope
The hacker alleges access to data concerning millions of Crunchyroll users, including potentially sensitive customer support ticket details. While Crunchyroll states its investigation is ongoing and has not yet confirmed sustained unauthorized access, evidence suggests the breach occurred through exploitation of Telus Digital’s systems. Screenshots circulating online show internal Slack messages and stolen data, indicating the attacker had access until early 2025 before being locked out.
Vendor Vulnerability and Separate Incident
This breach is reportedly separate from a recent, publicly acknowledged incident at Telus Digital itself. This means the compromise was not a direct attack on Crunchyroll’s core systems, but rather a supply chain vulnerability where a partner’s security weakness exposed customer data. The fact that two separate breaches at the same vendor exist highlights systemic issues in outsourced support operations.
Significance and Response
Crunchyroll, acquired by Sony in 2020 for $1.18 billion, boasts over 15 million subscribers worldwide. A breach of this scale could damage user trust and expose sensitive personal information. The company’s initial statement focuses on ongoing investigation, but the incident underscores the risk of relying on third-party vendors for critical customer service functions. Neither Crunchyroll nor Telus Digital has provided full transparency on the extent of data compromised or steps taken to prevent recurrence.
This incident shows how a streaming giant’s security can be undermined through its vendors; it is a critical reminder of the need for stringent oversight and vetting of outsourced services.
