Crunchyroll breach: 100GB of user data reportedly exposed
What's the story
Crunchyroll, the world's largest anime streaming service, may have suffered a major data breach, International Cyber Digest reports on X. The cybersecurity newsletter suggests that the attack was carried out through TELUS, an outsourcing partner, and resulted in the exposure of personally identifiable user information. The incident is said to have occurred on March 12, 2026, and was contained within 24 hours.
Information theft
Sensitive user information may have been leaked
The reports indicate that around 100GB of customer analytics data was stolen before the breach was contained. The leaked information could include IP addresses, email addresses, credit card details, and other sensitive data. A TELUS employee is said to have executed malware on their system, giving a threat actor access to Crunchyroll's internal environment.
Twitter Post
Take a look at the post
🚨‼️ BREAKING: Crunchyroll breached through outsourcing partner in India.
— International Cyber Digest (@IntCyberDigest) March 22, 2026
A threat actor exfiltrated data from Crunchyroll's ticketing system and also managed to pull 100 GB of personally identifiable customer analytics data.
We've analyzed sample data and it includes IP… pic.twitter.com/BcxGN1Y2Lv
Company response
TELUS Digital confirmed the security incident
While Crunchyroll has not publicly acknowledged the alleged breach, TELUS Digital confirmed on March 12 that it suffered a security incident. The company said "threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach." In a statement earlier this month, TELUS Digital said they are investigating a cybersecurity incident involving unauthorized access to some of their systems.
Incident response
Steps taken by TELUS to address the issue
TELUS Digital said they took immediate steps to address the unauthorized activity and secure their systems against further intrusion. The company also confirmed that they have implemented additional security measures to safeguard their systems and environment. As the investigation progresses, TELUS Digital is notifying any impacted customers as appropriate, with the security of customer information being their highest priority.
User safety
What should users do?
The full extent of the data accessed or number of users affected remains unclear, as Crunchyroll hasn't officially acknowledged the breach. However, if reports are true, users whose information has been compromised could be at risk of phishing attempts, identity theft, or unauthorized financial activity. To stay safe, Crunchyroll users should change their account passwords immediately and enable two-factor authentication if available.