Crunchyroll Breach Exposes 1.2M User Records

Overview

In March 2026, the popular anime streaming service Crunchyroll suffered a significant data breach. The incident, which involved the company’s Zendesk customer support system, initially suggested a potential impact on 6.8 million users. A confirmed subset of over 1.19 million user records, including sensitive support ticket contents, has since been verified and added to the Have I Been Pwned notification service.

What Was Exposed

The breach exposed a range of personal data extracted from user interactions with Crunchyroll’s support team. For the 1.2 million verified accounts, the compromised information includes:

• Email Addresses & Names: Your primary contact information and identity.
• IP Addresses & Geographic Locations: Data that can pinpoint your approximate physical location and internet service provider.
• Support Ticket Contents: The full text of any messages you sent to Crunchyroll support, which could include detailed account issues, personal complaints, or other private information shared in confidence.

Potential Impact

The combination of exposed data creates a high-severity risk. While financial data was not involved, the information is a goldmine for targeted phishing attacks. Criminals can use your name, email, and specific details from your support tickets to craft highly convincing “Crunchyroll” scam emails, increasing the chance you’ll click malicious links or divulge passwords. Your IP address and location can also be used for broader digital profiling or targeted harassment.

Recommendations

If you have ever contacted Crunchyroll support, take these steps immediately:

1. Change Your Crunchyroll Password: Immediately update your password on the Crunchyroll website and app. Use a strong, unique password you don’t use anywhere else.
2. Enable Two-Factor Authentication (2FA): If Crunchyroll offers 2FA, activate it now. This adds a critical second layer of security to your account.
3. Beware of Targeted Phishing: Be extremely cautious of any emails claiming to be from Crunchyroll, especially those referencing past support issues. Do not click links or download attachments. Go directly to the official website to manage your account.
4. Monitor Other Accounts: If you reused your Crunchyroll password elsewhere, change it on those sites immediately, starting with email and financial services.

How to Check If You’re Affected

The simplest way to check if your data was part of this breach is to visit the Have I Been Pwned (HIBP) website. Go to haveibeenpwned.com and enter your email address. The service will tell you if your information was found in the Crunchyroll breach dataset. You can view the specific breach entry here: https://haveibeenpwned.com/Breach/Crunchyroll.

Security Insight

This breach highlights the critical but often overlooked risk posed by third-party support systems like Zendesk. Companies must ensure these integrated platforms have security standards matching their own. The exposure of full support ticket conversations is particularly damaging, turning a routine customer service interaction into a serious privacy violation. For more on evolving digital threats, follow our cybersecurity news coverage.

Further Reading

• All High Breaches
• Recent Data Breaches