Crunchyroll, the leading subscription platform for anime streaming, is currently investigating word that it suffered a massive cyber attack, which put the personal information of millions of users at risk. The platform, which is home to several major anime series, such as One Piece and Demon Slayer, as well as smaller, more niche titles, is available in dozens of countries and regions, making the issue particularly problematic.
The claims follow a social media post by International Cyber Digest, a cybersecurity newsletter, which claims to have received word from the alleged hacker about the breach. There, screenshots that were allegedly shared from Crunchyroll's IT systems, giving further evidence to the possibility of a cyber attack.
Apparently, the breach dates back to March 12, as reported by PCMag, with a hacker sharing that they are able to steal user and IP data.
Annie Shirley is the closest we'll ever get to a Stardew Valley anime
This Anne of Green Gables adaptation might be the cutest anime of the year.
“We are aware of the recent claims and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll said in a statement to PCMag.
The breach revolves around customer service ticket data
Hours later, the company was able to further determine the nature of the attack, pinpointing its nature to customer service data through support tickets.
“At this time, we believe the information is primarily limited to customer service ticket data after an incident with a third-party vendor,” PCMag further reported. “We have not identified evidence of ongoing access to systems related to these claims. We continue to monitor the situation closely.”
Separately, BleepingComputer, an “information security and technology news publication” that also focuses on cybersecurity, reported that the attack stemmed from gaining access to a support agent's SSO login.
The attackers claim that more than 8 million support tickets were blocked from the Zendesk program. Of that number, 6.8 million are reportedly unique email addresses.
Username, login name, email address, IP address, general geographic location and content of support tickets are the information included in these tickets. BleepingComputer further states that credit card information is indeed part of these tickets, although often limited to four-digit numbers or expiration dates and included only for use within the ticket.
The attack on Crunchyroll is not unprecedented, as business process outsourcers, per Bleeping Computer, are often prime targets for cyberattacks because they often have a lot of customer data, including billing information. Furthermore, dealing with a single employee can often yield large amounts of user data, making them a strong target.
For now, it's probably best that any user of Crunchyroll reset their password and check for any suspicious attempts. Until there is the all clear, it's probably best to use some caution.
There is no excuse for not casting a trans actor to play Lev in The Last of Us
Cisgender woman Kirianna Crater has been cast as trans character Lev on HBO's The Last of Us.
