Crunchyroll Investigating Data Breach Impacting 6.8 Million Users
Crunchyroll, the world's leading anime and manga streaming platform, is under investigation following claims by a threat actor of stealing personal data belonging to approximately 6.8 million subscribers. The platform, which serves tens of millions of registered users worldwide, acknowledged the situation and stated that an investigation is underway.
| Attribute | Details |
|---|---|
| Platform | Crunchyroll (anime/manga streaming) |
| Claimed Records | ~6.8 million users |
| Data Types Claimed | Personal information (specifics under investigation) |
| Disclosure Source | Hacker claim; Crunchyroll investigation ongoing |
| Status | Under investigation as of March 23, 2026 |
What Happened
A threat actor claimed to have exfiltrated data from Crunchyroll's systems, asserting that personal information for approximately 6.8 million accounts was stolen. The type of data involved has not been fully confirmed, but in incidents of this nature, exposed information typically includes:
- Email addresses and usernames
- Hashed or potentially plaintext passwords
- Subscription and billing status
- Geographic and device information
Crunchyroll, owned by Sony's Funimation subsidiary, is one of the world's most prominent streaming platforms for Japanese animation content with a global subscriber base.
What Crunchyroll Is Doing
The company confirmed it is actively investigating the claims. While details remain limited in the early stages of the probe, affected users and security researchers are monitoring the situation closely.
What Users Should Do Now
Crunchyroll subscribers should take precautionary steps regardless of the investigation's outcome:
- Change your Crunchyroll password immediately — use a strong, unique password not reused elsewhere
- Enable multi-factor authentication (MFA) if available on your account
- Check for password reuse — if you used your Crunchyroll credentials on other services, change those passwords too
- Monitor for phishing emails targeting anime fans or Crunchyroll branding
- Watch for credential stuffing attacks on other accounts where the same email/password combo was used
Context: Streaming Platforms as Breach Targets
Entertainment and streaming platforms have become frequent targets for cybercriminals due to several factors:
- Large, engaged user bases with valid email addresses and payment information
- Password reuse — many subscribers use the same credentials across services
- Token theft — streaming account credentials are monetized through account-sharing markets and credential-stuffing operations
- Brand recognition — high-profile breaches attract attention and demonstrate threat actor capability
Previous high-profile breaches of streaming and entertainment services have resulted in credential markets flooded with account access for services like Netflix, Disney+, and gaming platforms.
Key Takeaways
- 6.8 million accounts are potentially exposed — one of the larger entertainment sector breaches of 2026
- Change passwords immediately and avoid credential reuse across services
- Enable MFA on Crunchyroll and other streaming accounts where supported
- Monitor communications — expect potential phishing campaigns targeting Crunchyroll users
- Crunchyroll's investigation is ongoing — further details on data types and breach scope are expected as the probe advances