6.8 Million Crunchyroll Users Potentially Impacted in Massive Support Ticket Data Breach

A renowned anime streaming platform is presently investigating a serious cybersecurity breach after hackers claimed that they compromised the company's internal systems and stolen personal information from over 6.8 million users. The reported Crunchyroll data breach has sparked severe concerns about data privacy and online security among millions of users worldwide.

The business acknowledged that it is aware of the claims and is conducting an investigation with the assistance of cybersecurity specialists. According to initial investigations, the exposed information appears to be mostly associated with customer support ticket data rather than key platform systems.

According to reports, attackers breached the system by gaining access to a support agent's single sign-on (SSO) account. The support employee reportedly worked for a third-party outsourcing company that managed customer service operations. According to cybersecurity reports, the attackers allegedly compromised the employee's machine with malware and took their login information. This gave them access to a variety of internal tools for customer service and operations. According to reports, these tools included Zendesk, Slack, Google Workspace, Mixpanel, and Jira Service Management. By gaining access to these systems, the attackers claimed to have collected approximately 8 million support ticket records.

Samples of the leaked support tickets reportedly contained several types of personal information, including user names, login usernames, email addresses, IP addresses, approximate geographic locations and details from customer support conversations. In some rare cases, partial payment information appeared in support tickets. However, investigators say credit card data was only present if users manually shared those details while communicating with customer support.

According to cybersecurity experts, business process outsourcing (BPO) organizations have become popular targets for hackers. These providers frequently administer customer assistance, authentication systems, and internal services for a variety of enterprises. By compromising just one worker account at a vendor organization, attackers might obtain access to massive amounts of client data across various platforms.

Recent cybersecurity incidents show that attackers frequently use social engineering techniques to trick support staff or compromise accounts. This approach allows hackers to bypass traditional security systems and access sensitive information. The ongoing investigation will determine the full impact of the breach. For now, the incident highlights the growing risks of cyberattacks targeting customer support systems and third-party vendors in today’s digital ecosystem.

This article is based on information from Bleeping Computer