Overview
- Cunchyroll, which disclosed its findings Tuesday, said its probe points to customer service ticket data and it sees no evidence of ongoing access.
- Reporting from cybersecurity outlets attributes the intrusion to March 12 through a support agent’s Okta single sign-on after malware stole the agent’s credentials.
- The compromised account allegedly belonged to a Telus International contractor with access to Crunchyroll’s Zendesk support system, with access reportedly cut off after about 24 hours.
- The attacker says they downloaded around 8 million support ticket records that include about 6.8 million unique email addresses, plus names, usernames, IP addresses, locations, and ticket contents.
- Credit card details do not appear widely exposed, according to BleepingComputer, except when users pasted snippets like the last four digits or expiration dates into tickets, and the hacker claims they later demanded $5 million to keep the data private.