This is for you if you watch anime on Crunchyroll... A data breach has made passwords and email addresses public.
Crunchyroll is a streaming platform offering popular anime movies and series. Known for its affordable, ad-free subscriptions, this popularity has made it a target for cybercriminals. According to Hackmanac, Crunchyroll suffered a data breach that resulted in the leak of over 100 gigabytes of subscriber data.
The media outlet revealed that the breach occurred via a phishing attack targeting an employee of Telus Digital, a company contracted by Crunchyroll in India. After executing this cybercriminal technique, malware was installed on a computer, enabling the hackers to obtain Okta credentials and gain access to Crunchyroll's internal systems.
As a result, the phishing attack exposed more than 100 gigabytes of sensitive data—from IP addresses, full names, phone numbers, billing details, account information, emails, and passwords—while CyberSecGuru has yet to confirm whether banking information is in the hands of malicious actors or how many people were affected by this massive leak.
However, the cybersecurity expert adds that the breach affected partial credit card data, although it was previously assumed that the cybercriminals did not have access to the encrypted database but rather to the incident logs—a section of the streaming platform that includes incomplete card numbers and images of receipts.
In light of this situation, those with a Crunchyroll account should change their passwords, check which devices can access the account, enable two-factor authentication, review bank statements for any unwanted charges, avoid clicking on suspicious links that attempt to impersonate Crunchyroll, and access the platform through the official app.