A threat actor breached Crunchyroll by using malware to compromise the Okta SSO account of a Telus International support agent. The compromised account gave them access to various Crunchyroll applications, including Zendesk, from which they exfiltrated 8 million support ticket records containing 6.8 million unique email addresses and other personal data.
Initial Access
Agent's Machine Compromised
confirmed
A Telus International support agent's computer was infected with malware, which was the initial vector for the attack.
Defender cut points
Implement endpoint detection and response (EDR) with behavioral analysis to detect and block malware execution.
Provide regular security awareness training to employees, especially third-party contractors, on identifying and avoiding malware.