Crunchyroll, the popular anime streaming platform owned by Sony, confirmed it's investigating a data breach involving users' personal information after a hacker claimed unauthorized access to the company's systems. The breach affects millions of anime fans worldwide who use the service, raising fresh concerns about streaming platform security. The company disclosed the incident after threat actors began circulating claims of compromised data, though the full scope of exposed information remains under investigation.
Crunchyroll just became the latest streaming giant to fall victim to cybercriminals. The anime-focused platform confirmed Tuesday it's investigating a data breach after hackers claimed they'd gained unauthorized access to systems containing user personal information. The timing couldn't be worse - Crunchyroll recently crossed 13 million paid subscribers and was riding high on the global anime boom.
The breach came to light after threat actors began circulating claims on dark web forums about compromised Crunchyroll data. According to TechCrunch, the company acknowledged the incident but stopped short of detailing exactly what information was exposed or how many users were affected. That ambiguity is sending ripples through the platform's massive user base, which spans across North America, Europe, and Asia.
"We are aware of reports regarding unauthorized access and are actively investigating," a Crunchyroll spokesperson said in a statement. The company emphasized it's working with cybersecurity experts and law enforcement to understand the breach's full scope. But for users, that's cold comfort when their data might already be in criminal hands.
The incident marks a troubling escalation in attacks targeting streaming platforms. Earlier this year, Netflix and Disney+ both dealt with credential-stuffing attacks, while HBO Max confirmed a similar breach in late 2025. Streaming services have become prime targets because they store payment information, email addresses, and detailed viewing histories - a goldmine for identity thieves and social engineers.
