Anime fans, heads up. Crunchyroll is currently looking into claims of a cyberattack after a wave of rumors started flooding social media earlier this week.

The concern? Customer data may have been exposed. And while nothing has been confirmed yet, the situation is serious enough that Crunchyroll brought in outside help to dig into it.

What Crunchyroll Said About the Alleged Breach

The company isn’t staying quiet. A Crunchyroll spokesperson told CNET directly: “We are aware of recent claims and are currently working closely with leading cybersecurity experts to investigate the matter.”

So the investigation is real and actively underway. But the breach itself hasn’t been confirmed as of now.

Telus vendor breach giving attackers back door into Crunchyroll

How the Attack Allegedly Happened

According to a report from Cyber Security News, the alleged infiltration happened in mid-March. The entry point wasn’t Crunchyroll directly. Instead, a bad actor reportedly targeted Telus, a company that provides digital operational support services to Crunchyroll and other large businesses.

Think of Telus as a behind-the-scenes contractor. It handles technical infrastructure that powers bigger platforms. So compromising a vendor like this can give attackers a back door into multiple companies at once.

The same report claims the attacker infected systems with malware. If true, billing information, email addresses, and IP addresses could potentially have been accessed. That’s a concerning mix of personal and financial data.

Why This Kind of Attack Is So Common Right Now

Third-party vendor breaches have become one of the most popular methods attackers use today. Instead of hitting a well-defended platform head-on, bad actors find a softer target in the supply chain.

Billing information, email addresses, and IP addresses potentially accessed

Crunchyroll has millions of subscribers worldwide. That makes it a valuable target. And the alleged Telus connection shows how one weak link can potentially compromise an entire network of connected services.

Cyberattacks have grown more frequent across the entertainment and streaming industry. So this situation, while alarming, isn’t surprising in the broader security landscape.

Steps You Can Take Right Now to Protect Your Data

You don’t need to wait for an official breach confirmation to act. Taking proactive steps costs nothing and could save you a real headache later.

Start by changing your Crunchyroll password today. Make it something unique to that platform only. Using the same password across multiple services is one of the biggest vulnerabilities most people overlook.

Change Crunchyroll password and enable two-factor authentication on email

Also update the password for your main email account. Your inbox is often the master key to everything else. Plus, enable two-factor authentication (2FA) or passkeys on your email if your provider supports it.

Then keep a close eye on your accounts over the coming weeks. That means your bank accounts, subscriptions, and any services linked to the email address connected to your Crunchyroll profile. Suspicious login attempts or unfamiliar charges are your early warning signals.

What Happens Next

Crunchyroll hasn’t issued a timeline for its investigation, and that’s fairly typical in early-stage cybersecurity reviews. These things take time to untangle properly, especially when a third-party vendor is involved.

Watch for official updates directly from Crunchyroll rather than relying on social media rumors. The company will likely communicate through its official channels if the breach gets confirmed or if subscriber action becomes necessary.

For now, treat this as a good reminder. Even when your favorite platforms seem secure, the services supporting them behind the scenes can create unexpected risks. A few minutes spent updating your passwords and enabling two-factor authentication is genuinely worth it regardless of how this investigation turns out.