Alleged third-party hack prompts massive Crunchyroll breach

Cybernews reports that widely known anime streaming platform Crunchyroll had nearly 100 GB of data allegedly stolen from its analytics and support systems following an intrusion against an employee at its business process outsourcing partner Telus earlier this month. Threat actors who lured the Telus employee to run malware on their workstation were able to achieve initial access and lateral movement across the internal systems of Crunchyroll, from which they were able to exfiltrate customer analytics information, IP addresses, email addresses, and credit card details before having their access revoked by the Sony-owned streamer within 24 hours, a report from cybersecurity newsletter Cyber Digest showed. Such an incident comes after Telus Digital was claimed by the ShinyHunters hacking operation to have had 700 TB of data siphoned from its systems. Multiple high-profile organizations have already been targeted by the threat operation since 2020, with the most recent of which being identity protection company Aura and Dutch telecommunications firm Odido.