The popular anime streaming platform Crunchyroll confirmed on Monday evening that a batch of customer information leaked online over the weekend is legitimate. 

In a statement to Recorded Future News, a spokesperson for the company said their investigation into the stolen documents is ongoing alongside cybersecurity experts. 

“At this time, we believe that the information is primarily limited to customer service ticket data following an incident with a third-party vendor. We have not identified evidence of ongoing access to systems in relation to these claims,” the spokesperson said. 

Last Thursday, an unidentified threat actor contacted the outlets BleepingComputer and International Cyber Digest claiming to have breached the account of an employee of Telus — a business process vendor of Crunchyroll in India that has access to Crunchyroll support tickets. 

The hacker infected the employee's device with malware and claimed to have stolen 100 gigabytes of data from Crunchyroll's ticketing system.

International Cyber Digest confirmed that samples included IP addresses, email addresses and other information. 

The hacker claimed they breached the account on March 12 but had their access revoked within 24 hours.

Screenshots shared with both outlets showed access to Crunchyroll’s Slack, Zendesk, Google Workspace and other company platforms.

The cybercriminal told BleepingComputer they stole information on 6.8 million people through about 8 million downloaded support tickets. Some tickets had partial credit card information. The hacker told the outlet they demanded a $5 million payment to not leak the info but Crunchyroll never responded. 

Crunchyroll is a subsidiary of Sony, which bought the popular anime and gaming platform for more than $1.1 billion from AT&T in 2021. Founded in 2006, the site now has 17 million paying subscribers on top of 120 million registered users in dozens of countries. 

Hackers have repeatedly targeted the third-party contractors that large companies hire to handle support tickets and other tasks. 

Instant messaging platform Discord revoked the access of one third-party vendor in October after hackers stole information concerning customers who communicated with support or trust and safety teams.

Household cleaning products manufacturer Clorox sued its help desk contractor Cognizant last year over accusations that it did little to stop hackers from breaching its systems in advance of a devastating ransomware attack.