Last Update: 04/05/2026 at 2:50 PM EST
Third-Party Breaches Expose User Data
Coverage from BleepingComputer, TechCrunch, and others
Articles
3
Latest Article
03/25
Active Days
3
Executive Summary
Vendor-linked breaches at Crunchyroll and HackerOne exposed user and employee personal data, underscoring privacy risks in outsourced support and benefits systems.
- Crunchyroll said it is investigating claims of unauthorized access involving support ticket data
- Hackers claimed access through an Okta SSO account tied to a Telus support agent
- The attackers alleged they downloaded about 8 million support ticket records with 6.8 million unique emails
- Exposed data reportedly included names, logins, emails, IP addresses, location, and ticket contents
- Crunchyroll said it found no evidence of ongoing unauthorized access
- HackerOne said a Navia breach exposed employee personal data, including US Social Security numbers
- Navia said financial data and claims systems were not compromised
Quick Facts
- What: Vendor-linked breaches exposed personal and support data
- Where: Crunchyroll support systems and Navia systems
- Why: Attackers targeted third-party access to reach sensitive data
- Who: Crunchyroll and HackerOne customers and employees
- When: March 2025 for Crunchyroll and late 2025 to 2026 for Navia
Coverage Timeline: 3 Days
Featured Article
Crunchyroll reported a vendor-linked breach of customer support ticket data after suspected Okta single sign-on account compromise on March 12.
Additional Articles
⭐⭐⭐
Crunchyroll investigated alleged data theft after hackers claimed access via an Okta SSO account for a Telus International support agent led to millions of Zendesk ticket records.
HackerOne reported a Navia vendor breach in the United States between December 2025 and January 2026 that exposed personal data, including US Social Security numbers, for 287 employees.