Crunchyroll users may want to change their password. The world's largest anime streaming service has reportedly been the target of a cyberattack.
Reports circulating online claim the breach originated through a partner of TELUS, resulting in the exposure of hundreds of gigabytes of personally identifiable user data. The incident allegedly occurred on March 12, 2026, and was contained within 24 hours. However, sources say that roughly 100GB of customer analytics data was compromised before the breach was stopped, with leaked information possibly including IP addresses, email addresses, credit card details, and other sensitive data.
According to the reports, an employee working for TELUS, an outsourcing partner of Crunchyroll, allegedly executed malware on their system, allowing a threat actor to gain access to Crunchyroll’s internal environment.
As of now, Crunchyroll has not publicly acknowledged the alleged breach. However, Telus Digital confirmed on March 12 that it “suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach.”
TELUS Digital operates as the digital services and business process outsourcing (BPO) arm of TELUS, offering services such as customer support, content moderation, AI data solutions, and other outsourced operations for companies worldwide.
"TELUS Digital is investigating a cybersecurity incident involving unauthorized access to a limited number of our systems," the company said in a statement earlier this month following the hack. "Upon discovery, we took immediate steps to address the unauthorized activity and secure our systems against further intrusion. We are actively managing the situation and continue to monitor it closely."
"We have implemented additional security measures to further safeguard our systems and environment," TELUS confirmed. "As our investigation progresses, we are notifying any impacted customers, as appropriate. The security of our customers' information continues to be our highest priority."
At this point, it's hard to say just how much data was ultimately accessed or how many users may have been affected, especially since Crunchyroll hasn't formally acknowledged the breach. However, if the reports are accurate, users who have had their information exposed could be at risk of phishing attempts, identity theft, or unauthorized financial activity.
Just to be safe, Crunchyroll users should update their account passwords immediately, especially if the same login information is used across multiple sites. Other safety precautions include enabling two-factor authentication, if available, monitoring bank and credit card statements for suspicious charges, and keeping an eye out for phishing emails claiming to be from Crunchyroll. If you believe your payment information has been compromised, you may just want to proactively contact your bank to place an alert on your account and replace any cards that are attached to your Crunchyroll account.
We'll continue to monitor the situation and update you with any information we learn or if Crunchyroll issues a formal statement.