Sony-owned anime streaming service Crunchyroll has been linked to a reported data breach following a cyberattack on Telus, a Canadian-based telecommunications and outsourcing provider. The incident has not been officially confirmed by Crunchyroll at the time of reporting, but details have been shared by a threat actor and reviewed by cybersecurity researchers.
According to the report, attackers gained access to Crunchyroll systems through a compromised employee account at Telus, which provides business process outsourcing services to the platform. The intrusion reportedly began when malware was executed on the employee’s device, allowing the attacker to move laterally into Crunchyroll’s internal systems.
The threat actor claims to have exfiltrated approximately 100GB of data from Crunchyroll’s analytics and customer support systems. The exposed information is said to include email addresses, IP addresses, credit card details, and customer analytics data containing personally identifiable information.
Investigators said the breach was detected and access was revoked within around 24 hours. Despite the limited window, the volume of data allegedly taken suggests the operation was prepared in advance and carried out quickly once access was established.
The activity has been linked to the ShinyHunters group, which has previously been associated with attacks targeting large organisations. The same group has also claimed responsibility for the wider Telus breach, in which large amounts of data were reportedly accessed across multiple client systems.
Telus has confirmed that it is investigating a cybersecurity incident involving unauthorised access to a limited number of its systems. The company said there is no evidence of disruption to its core services and that it is working with external experts and law enforcement as part of the investigation.
Crunchyroll has not publicly confirmed the breach, and the full scope of the incident remains unclear. Researchers said that if the claims are verified, the exposed data could be used in financial fraud, phishing, or other targeted attacks against users.
The reported incident highlights how attacks on third-party providers can affect multiple organisations that rely on shared infrastructure and services.