Crunchyroll disclosed that a breach at a third-party service provider exposed the email addresses of roughly 6.8 million to 7 million subscribers. Reports said the incident affected subscriber contact data rather than payment information or passwords, with the anime streaming company indicating the compromise occurred outside its own core environment.
The exposure raised phishing and account-targeting risks for a large portion of Crunchyroll’s user base, as attackers could use the leaked addresses to impersonate the company or deliver credential-harvesting messages. Coverage of the incident described it as a major supply-chain style data exposure tied to a vendor, underscoring how breaches at external partners can affect millions of customers even when a company’s internal systems are not directly penetrated.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
Crunchyroll disclosed that a breach at a third-party service provider exposed subscriber information, including roughly 6.8 million to nearly 7 million email addresses. Reports indicate the compromised data related to Crunchyroll users rather than a direct intrusion into Crunchyroll's own systems.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.