Crunchyroll suffers suspected data breach

Earlier this month, a malicious actor was reported to have purloined information from some 6.8 million user accounts at anime streaming service Crunchyroll, according to BleepingComputer.

The incident was claimed to have taken place on Thursday, March 12th, 2026, through the hijacked account of an employee working for Telus Digital (previously Telus International), a subsidiary of Vancouver-based Telus Corp. Telus Digital provides business outsourcing services, customer support among them, to companies including Crunchyroll.

Allegedly, the incursion was limited to around 24 hours before it was discovered and the hacker’s access terminated.

Telus recently suffered a larger — and unrelated — attack in which a staggering 700 terabytes of information were poached by hacking group ShinyHunters.

I reached out to Crunchyroll and they responded with a statement that an investigation is ongoing and they are working “with leading cybersecurity experts.” The statement continued, “[a]t this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor. We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”

As of now, it appears only information submitted through Crunchyroll’s support ticketing system was pilfered, which contained names, email addresses, IP addresses, geographic location data, and data shared between customers and support staff. It’s reported that some support tickets may have included partial payment card information used to resolve billing issues.

Based on this, it does not appear that any critical information, such as passwords and payment information, was compromised in this incident.

Concerned anime fans with Crunchyroll accounts can always change their passwords. Good security hygiene calls for using a strong, unique password for every system an account holder has and enabling multi-factor authentication (MFA) when available. It’s also prudent to never provide full payment card information over cleartext channels like email or chat. Additionally, be mindful of emails and text messages that contain links or attachments, especially if you’ve never interacted with the sender previously.

Sources: BleepingComputer, Crunchyroll

© Crunchyroll, LLC
