In The Event Of
Get started free
C

Crunchyroll Data Breach 2026:
What You Need to Know

On 24 March 2026, Crunchyroll confirmed that attackers had compromised a support-agent account at Telus International and pivoted into the company's Zendesk support system. The dataset exposes names, login names, emails, IP addresses, approximate locations and the contents of past support tickets for around 1.2 million users (Have I Been Pwned), with the attacker alleging the underlying dataset is larger.

Breach date:12 March 2026
Disclosed:24 March 2026
Records affected:~1.2M (HIBP) / 6.8M alleged
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the Crunchyroll Breach Unfolded

12 March 2026

An unidentified threat actor compromised a support-agent account at Telus International, a Crunchyroll outsourced support provider. The attacker used malware to capture Okta single-sign-on credentials and pivoted into internal systems including Zendesk, Slack and Google Workspace.

24 March 2026

Crunchyroll publicly confirmed the breach after a hacker forum claimed the dataset was for sale. The exposed records originated from the company's Zendesk support system and contained name, login name, email address, IP address, general geographic location and the contents of support tickets. Crunchyroll said it had declined a reported $5 million ransom demand and contained the intrusion within 24 hours.

April 2026

Have I Been Pwned added the Crunchyroll breach to its database with 1.2 million unique email addresses, while the attacker continued to claim 6.8 million users were affected. A class-action lawsuit was filed in the United States alleging Crunchyroll failed to prevent the breach.

The affected dataset is Zendesk support data, not the main Crunchyroll subscriber database. Passwords and full payment information were not in scope. Users who never opened a Crunchyroll support ticket are not in the leaked dataset.

What Was Exposed

Personal Data Leaked in the Breach

Data TypeRisk LevelWho Was Affected
Full nameHighAll users with prior Crunchyroll support tickets
Email addressHighAll users with prior Crunchyroll support tickets
Login nameMediumAll users with prior Crunchyroll support tickets
IP addressMediumAll users with prior Crunchyroll support tickets
Approximate geographic locationMediumDerived from the IP address
Contents of support ticketsHighAll users with prior tickets; can include payment-issue context, account-recovery details and personal disclosures

Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Support-ticket contents are rated high because they often contain personal context (refund explanations, account-recovery details) that gives phishing emails an unusual level of authenticity.

✅ Confirmed NOT Exposed

Crunchyroll has stated that account passwords, full credit-card primary account numbers (PANs), CVV values, watch history and main subscriber database records were not part of the exposed dataset. The breach affected the Zendesk support environment only. Users who never opened a Crunchyroll support ticket are not in the leaked data.

Company Response

What Crunchyroll Did

“We are aware of a security incident affecting our support environment and have taken steps to contain it. We did not pay the ransom that was demanded, and the intrusion was contained within 24 hours. We are working with external security experts to confirm scope and notify affected users.”
Crunchyroll statement, March 2026 (paraphrased from reported sources)

Actions Taken by Crunchyroll

  • Contained the intrusion within 24 hours and revoked the compromised Okta single-sign-on credentials
  • Declined the reported $5 million ransom demanded by the attacker
  • Engaged external cyber-forensics specialists to confirm scope across Zendesk, Slack and Google Workspace
  • Coordinated with Telus International to review the compromised support-agent workflow
  • Submitted the dataset to Have I Been Pwned and began notifying affected users with details of fields exposed
Crunchyroll AboutOAIC: Notifiable Data Breaches

What Now?

Steps You Can Take After the Crunchyroll Breach

The biggest risk from this breach is targeted phishing using your real support history. Anything you typed into a past Crunchyroll support ticket, including refund explanations, screenshots and account-recovery notes, may now be in the dataset. Account passwords were not part of the breach.

Crunchyroll and Streaming Accounts

The Zendesk support data was exposed; your Crunchyroll login itself was not. Still worth basic hygiene.

Enable two-factor authentication on Crunchyroll

~5 min
Although account passwords were not exposed in this incident, enabling 2FA prevents attackers from using credential-stuffing data they may have obtained elsewhere. Review the list of devices logged into your account at the same time and revoke anything unfamiliar.
Crunchyroll account settings

Review past support tickets for sensitive content

Open your Crunchyroll account / support history and skim recent tickets. If you ever pasted partial billing information, location details, or other personal context, assume that is now in the leaked dataset and be alert for phishing that quotes it back at you.

Email and Digital Identity

Your email is the key to your digital identity. Securing it is a sensible first step.

Strengthen email security

~5 min
Updating the password and enabling MFA on email accounts associated with the breach is widely recommended. It is also worth checking email forwarding rules and connected app permissions, as these can be exploited to silently intercept communications.

Use a password manager

If you are reusing passwords across multiple sites, a password manager is the single most effective change you can make. Tools like 1Password, Bitwarden or your platform's built-in manager generate unique credentials per site so a single breach cannot cascade.

Identity Protection

Support-ticket context is the unusual ingredient here. It lets attackers reference your real history.

Treat any 'Crunchyroll support is following up' email as suspicious

Attackers can use the leaked ticket history to craft emails that quote your actual past complaint or request, then redirect you to a phishing page. Always go directly to crunchyroll.com or the official app rather than clicking through. Crunchyroll will never ask for your password by email.

Be alert for tax / refund / account-recovery phishing

If you ever raised a refund or billing issue with Crunchyroll support, that context can now be combined with general financial-fraud playbooks. A common follow-up pattern is an email claiming the 'previous refund failed' and asking you to re-enter card details on a fake portal.

Monitoring and Reporting

Resources for breach response.

Contact IDCare or report to Scamwatch (AU)

IDCare (1800 595 160) is Australia's national identity and cyber support service. Reporting to Scamwatch helps authorities track streaming-themed scams.

Not sure which of your accounts are affected?

In The Event Of discovers your accounts automatically and alerts you in real time when new breaches affect your data.

Check My Email Free

Are You Still at Risk?

Compound Risk: Crunchyroll Plus Other Third-Party Support Leaks

The Crunchyroll incident fits a pattern of outsourced support-platform breaches: an attacker compromises one support-agent account, then pivots into a shared SaaS like Zendesk that holds rich personal context for thousands of brands. When customers are caught in multiple such breaches, the combined ticket history is a powerful phishing toolkit.

Why this matters

Reused support stacks (Zendesk, Salesforce Service Cloud, ServiceNow) mean that one third-party compromise can spill contact + history data across many unrelated services. If your email appears in multiple support-platform breaches, the aggregated ticket context is highly useful for spear phishing.

  • Workday (2025)Salesforce CRM data taken via support-agent social engineering
  • Allianz Life (2025)1.4M records taken from Salesforce via vishing of helpdesk
  • Salesforce (2025)Multi-victim wave; CRM contact + ticket data exfiltrated
  • Canvas / Instructure (2026)Education-tech breach; private messages and contact details exposed

In The Event Of can show where your credentials appear across multiple breach datasets and help you prioritise resets.

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

Crunchyroll Breach FAQ

Sources

  1. Have I Been Pwned: Crunchyroll Data Breach
  2. TechCrunch: "Crunchyroll confirms data breach after hacker claims unauthorized access" (24 Mar 2026)
  3. BleepingComputer: "Crunchyroll probes breach after hacker claims to steal 6.8M users' data"
  4. UpGuard: Crunchyroll data breach exposes 1.2 million user email addresses
  5. Crunchyroll: About / Press
  6. OAIC: Notifiable Data Breaches Scheme (Australia)
  7. OAIC: What is personal information? (Privacy Act 1988 categories)
  8. OAIC: Australian Privacy Principles

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

NYC Health + Hospitals Data Breach 2026

~1.8M records exposed

Critical

Australian Courts Data Breach 2026

Thousands of files records exposed

Critical

youX Data Breach 2026

~444K records exposed

High

Prosura Data Breach 2026

300K-500K records exposed

High

Canvas (Instructure) Data Breach 2026

~275M (claimed) records exposed

Medium

Booking.com Data Breach 2026

Undisclosed records exposed

High

McGraw Hill Data Breach 2026

13.5M records exposed

High

Eurail Data Breach 2026

300K+ records exposed

High

Basic-Fit Data Breach 2026

1M records exposed

High

Under Armour Data Breach 2025

72M records exposed

High

Salesforce (ShinyHunters) Data Breach 2025

~1B records exposed

High

Allianz Life Data Breach 2025

2.8M records exposed

High

Workday Data Breach 2025

Undisclosed records exposed

Medium

Western Sydney University Data Breach 2025

10K records exposed

High

Genea Fertility Data Breach 2025

940K records exposed

Critical

DeepSeek Data Breach 2025

1M records exposed

Medium

Tangerine Telecom Data Breach 2024

232K records exposed

High

Australian Clinical Labs Data Breach 2022

223K records exposed

Critical

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High
View all breach guides →

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with Crunchyroll, LLC or its parent Sony Group Corporation. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.