- Crunchyroll confirms cyberattack via third-party provider
- Hacker accessed support agent’s Okta account and exfiltrated 8 million tickets with 6.8 million emails
- The attacker demanded a $5 million ransom; company investigating, payment data is not directly compromised
Anime streaming platform Crunchyroll has confirmed it suffered a cyberattack and said it is currently investigating allegations of data theft.
A malicious actor working for an unknown hacking group recently said BeepComputer they had infected a support agent’s computer with malware and gained access to their Okta SSO account for 24 hours.
This agent, who apparently worked for business process outsourcing (BPO) company Telus International, had access to Crunchyroll support tickets, which the attacker exfiltrated. By accessing Zendesk, they managed to extract eight million support tickets, allegedly containing 6.8 million unique email addresses.
Article continues below
Hundreds of compromised sites
Other data apparently stolen in the attack included usernames, login names, email addresses, IP addresses, general geographic locations, and support ticket content.
Payment information was not viewed unless it was shared in the ticket. They were also allowed to access other applications, such as Wizer, MaestroQA, Mixpanel, Google Workspace Mail, Jiro Service Management and Slack.
Crunchyroll has confirmed the incident and that it is investigating the matter.
“We are aware of the recent allegations and are currently working closely with leading cybersecurity experts to investigate the matter,” Crunchyroll said.
“Our investigation is ongoing and we continue to work with leading cybersecurity experts. At this time, we believe the information is primarily limited to customer service ticket data following an incident with a third-party vendor.”
“We have not identified any evidence of continued access to systems in relation to these claims. We continue to monitor the situation closely.”
The publication claims that the hacker attempted to extort money from Crunchyroll, demanding $5 million in exchange for deleting the stolen data, but the company did not respond to the offer.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
