PUBLIC reporting surrounding a possible Crunchyroll data breach remains unconfirmed by the company, with the story framed as alleged or possible rather than fully verified. The data said to be involved includes email addresses and IP addresses, with some reports also mentioning customer analytics and ticketing data; one claim suggested about 100 GB of data may have been exfiltrated, though that figure rests on attacker claims rather than Crunchyroll confirmation.
The discussion intensified after posts described by International Cyber Digest on X and a separate underground signal observed by SOCRadar, including a hacker-forum post showing masked email addresses and masked IP data as samples; according to SOCRadar, this does not prove the full breach narrative but indicates Crunchyroll-related data was circulating in threat-actor spaces.
There is a third-party risk angle tied to Telus, described in outside reporting as part of Crunchyroll’s support environment, while Telus Digital says it is investigating unauthorized access to a limited number of systems. For users, the guidance is practical: change your Crunchyroll password and monitor for suspicious messages, with security teams urged to consider external visibility and third-party risk in their response. Mar 23, 2026.