DISCLOSURE: This article contains affiliate links. If you purchase through these links we may receive a small commission at no additional cost to you. This helps us keep the site free and independent. Our opinions remain unbiased.

On March 12, 2026, an employee at Telus International, the outsourcing company that handles Crunchyroll’s customer support, accidentally executed malware on their computer. That was all it took: the compromised credentials gave attackers direct access to the internal systems of Sony’s anime streaming platform.

From there, jumping to ticketing systems and user analytics platforms was quick work. The attackers downloaded roughly a hundred gigabytes of data before being detected and blocked, about twenty-four hours after initial access.

According to BleepingComputer, which examined samples of the stolen data, the haul amounts to nearly eight million support tickets containing around 6.8 million unique email addresses. The exposed information also includes IP addresses and user activity data. Credit card data exposure was more limited: nothing was stolen from payment systems, but some card details appeared in tickets because users had included them when contacting support. In most cases, this meant just the last four digits or expiration dates, with only a small fraction of tickets containing complete numbers.

Crunchyroll confirmed an ongoing investigation, describing the incident as mainly limited to the customer service ticketing system and denying evidence of continued unauthorized access. However, this statement only came after media reports: the attacker claims to have tried contacting the company without response, and it took press coverage to prompt an official reaction.

The timing is particularly awkward for the company, which is already facing a class action lawsuit for sharing user viewing data with third parties without consent.

This incident is yet another confirmation of a structural problem: outsourcing customer support means extending your attack surface. Anyone with an active Crunchyroll account should change their password immediately, especially if it’s reused elsewhere. To keep everything under control without the hassle, a password manager like Proton Pass is the most practical solution.