Crunchyroll’s Allegedly Stolen 1.2 million User Data Has Been Reportedly Sold To A Single User

The alleged Crunchyroll data breach may have taken a serious turn, as new claims suggest that a portion of the stolen data has already been sold.

According to recent Cyber Security news, around 1.2 million user records from a dataset of roughly 2 million were reportedly purchased by a single buyer. This comes shortly after initial claims that a threat actor had exfiltrated large amounts of data through an outsourcing partner, which is believed to be the entry point of the breach.

🚨‼️ BREAKING: The Crunchyroll breach data, leaked via an Indian outsourcing partner, has been sold.

1.2 million of 2 million customer records were purchased by a single buyer.

We've obtained the 1.2 million emails from Mr. Raccoon and will be sharing them with HaveIBeenPwned. pic.twitter.com/DjOYUyW6xe

— International Cyber Digest (@IntCyberDigest) April 3, 2026

The data in question is said to include email addresses and other user-related information, possibly pulled from internal systems such as customer support or analytics platforms.

The threat actor, identified online as “Mr. Raccoon,” has also claimed that the dataset will be shared with Have I Been Pwned, a widely used service that allows users to check whether their data has been exposed in known breaches. If the data appears there, it would add a significant level of credibility to these claims.

Crunchyroll had earlier responded to the situation, stating that they are aware of the reports and are actively investigating with cybersecurity experts. Since then, there has been no detailed public update from the company regarding the scale or validity of the breach.

Edit: Most of the user data has already published in Have I Been Pawned website. Users are advised to stay cautious and keep an eye out for any official announcements. For now, change your passwords just to be safe.

Source: X