However, the anime-streaming site says the hacker may be exaggerating their claims.
UPDATE:Crunchroll now says: “At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor. We have not identified evidence of ongoing access to systems in relation to these claims. We are continuing to monitor the situation closely.”
As the investigation continues, BleepingComputer reports that the hacker claims to have downloaded 8 million support ticket records, containing 6.8 million unique email addresses. The support tickets feature a “wide variety of information, including the Crunchyroll user’s name, login name, email address, IP address, general geographic location, and the contents of the support tickets,” the publication says.
Crunchyroll is investigating reports of a security breach after a hacker claimed to have stolen 100GB of data from the anime-streaming service.
“We are aware of recent claims and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll told PCMag. However, the Sony-owned streamer indicated the breach might be overblown, noting that hackers often exaggerate their claims.
The streaming service is investigating after an X account known as “International Cyber Digest” posted about a hacker reaching out to them about the alleged breach. As evidence, the hacker apparently shared screenshots that suggest they had inside access to Crunchyroll’s IT systems.
“We’ve analyzed sample data and it includes IP addresses, email addresses, credit card details, and more,” Cyber Digest says. “An employee of their outsourcing partner Telus had executed malware on his system, which gave a threat actor access to Crunchyroll’s environment.”
The hacker claims the breach occurred on March 12. the same day a user posted in a hacking forum about stealing email and IP address data from Crunchyroll, according to cybersecurity provider SOCRadar.
Canada-based Telus offers third-party outsourcing and customer support through its Telus Digital business. And on March 12. Telus confirmed to BleepingComputer that it had been breached over a “multi-month” period by the notorious ShinyHunters hacking group. So, we might be looking at two separate hacking incidents at Telus. The company didn’t immediately respond to a request for comment.
So far, ShinyHunters has not boasted about breaching Crunchyroll. The group also reportedly breached Telus using stolen Google Cloud Platform credentials from another attack, rather than tricking an employee into executing malware.
