Hackers reached out to Cyber Digest with the claim that they breached Sony’s anime streaming service CrunchyRoll. According to the claims shared, 100GB of user data has been exfiltrated from the streaming site. Data was allegedly extracted from CrunchyRoll’s support tools and analytics systems. The compromised data includes: 

• IP addresses 
• Credit card information
• Customer analytics data 
• Email addresses 

At this time, there has been no confirmation from CrunchyRoll to determine the legitimacy of the hackers’ claims. 

The hackers assert that this breach occurred due to the data security incident at TELUS Digital, a business-process outsourcing partner for the streaming service. Hackers accessed a portion of TELUS Digital’s systems, though the company states it has found no evidence to suggest that customer services or connectivity have been disrupted. 

The ShinyHunters cybercriminal group claimed responsibility for the TELUS Digital incident, asserting 700 terabytes of internal data were stolen. After gaining initial access into TELUS Digital’s systems, the hackers allegedly moved laterally into the internal systems of Crunchyroll. 

The reports of this data breach come shortly after the news that Crunchyroll is facing a class-action lawsuit, alleging the organization has shared user viewing habits with marketing firms without user consent.