Crunchyroll addresses series of user account breaches, claims systems are not breached

The anime streaming service Crunchyroll has addressed security concerns regarding multiple breached user accounts on their platform. The company claims that while some user login credentials were exposed on social media, their internal systems remained secure.

It seems the attack is a simple credential stuffing (attackers take credentials leaked from one site's breach and use it on another) or password spraying (attackers try commonly used passwords against many accounts).

Crunchyroll has securing the affected accounts and conducting an investigation.

The exact number of affected accounts and the specific timeframe of the incident were not disclosed. The company has not released information about what specific user data may have been exposed beyond login credentials.

The company recommended that subscribers regularly change their passwords, use unique passwords across different services and don't share passwords. We would add - if possible, activate MFA.