Post Reply Crunchyroll account details leak - Urgent!
9034 cr points
Send Message: Send PM GB Post
19 / M / UK
Offline
Posted 1/29/16
I wish to keep the details of this leak secret as the pastebin provides sensitive information of over 1000 crunchyroll users, including their passwords and email addresses, could a administrator please contact me through direct message and I can give the link immediately.

This was found through the use of the site: https://haveibeenpwned.com
In which I entered my email to find myself on a pastebin involving many usernames an passwords; I've changed my password since the leak, but I think it's quite important that this is taken down.

38966 cr points
Send Message: Send PM GB Post
26 / M / Your friendly nei...
Offline
Posted 1/29/16
seems like a trap
Der Zoodirektor
23403 cr points
Send Message: Send PM GB Post
34 / M / Germany
Online
Posted 1/29/16
Send it in via /contact.
18466 cr points
Send Message: Send PM GB Post
43 / M / Finland
Offline
Posted 1/31/16
Crunchyroll really should start taking security a bit more seriously. Or maybe they do but we users for sure aren't seeing those efforts...

One issue that's been addressed a lot of times by users in these posts is that Crunchy sends email confirmation link to the new one, instead of the old email.
No notification email if password is changed.
Validation link for email is over plain http.

For now, follow best practices as a user of this site;

-Have a strong unique password
-Change password frequently
-Keep a close eye on charges related to the site.
-Use an alternate form of your email for Crunchy specifically(most email services let you create those)(Helps you quickly identify the source of leaked info)
Der Zoodirektor
23403 cr points
Send Message: Send PM GB Post
34 / M / Germany
Online
Posted 1/31/16

Gracias2 wrote:

Crunchyroll really should start taking security a bit more seriously. Or maybe they do but we users for sure aren't seeing those efforts...

One issue that's been addressed a lot of times by users in these posts is that Crunchy sends email confirmation link to the new one, instead of the old email.
No notification email if password is changed.
Validation link for email is over plain http.

For now, follow best practices as a user of this site;

-Have a strong unique password
-Change password frequently
-Keep a close eye on charges related to the site.
-Use an alternate form of your email for Crunchy specifically(most email services let you create those)(Helps you quickly identify the source of leaked info)


The accounts in questions are those of users who employ very bad password management. Do NOT ever use the same password/email combination for more than one service, and you will NEVER have an issue, unless you are stupid/careless enough to infect your PC with a trojan.

The list the user refers to is from March of last year, so chances are high that we addressed them already anyway. Plus, the list is actually a list of Hulu credentials, not a list of Crunchyroll credentials. More proof of carelessness on behalf of the affected users.
28608 cr points
Send Message: Send PM GB Post
F / ᵗ ᵉ ˣ ᵃ ˢ
Offline
Posted 1/31/16 , edited 1/31/16
Well, since Shinryou already responded to you, gracias2 it would not really be CR problem for "claiming to have" lack of security, since after all, it was the users problem to have such easy passwords.
This is CR's term and policy thing about accounts.


You are responsible for safeguarding and maintaining the confidentiality of your username, password and corresponding Crunchyroll account information. You agree not to disclose your password to anyone. You agree that you are entirely and solely responsible for any and all activities or actions that occur under your Crunchyroll account, whether or not you have authorized such activities or actions. You agree to immediately notify Crunchyroll of any unauthorized use of your username, password or Crunchyroll account.



You are solely responsible for your interactions (including any disputes) with other Crunchyroll Users. You understand that Crunchyroll does not in any way screen Crunchyroll Users. You are solely responsible for, and will exercise caution, discretion, common sense and judgment in, using the Site and Services and disclosing personal information to other Crunchyroll Users. You agree to take reasonable precautions in all interactions with other Crunchyroll Users, particularly if you decide to meet a Crunchyroll Users offline, or in person. Your use of the Site, Services, Crunchyroll Content and any other content made available through the Site or Services is at your sole risk and discretion and Crunchyroll hereby disclaims any and all liability to you or any third party relating thereto. Crunchyroll reserves the right to contact Crunchyroll Members, in compliance with applicable law, in order to evaluate compliance with the rules and policies in these Terms of Use. You will cooperate fully with Crunchyroll to investigate any suspected unlawful, fraudulent or improper activity, including, without limitation, granting authorized Crunchyroll representatives access to any password-protected portions of your Crunchyroll account.


So from what I read, that pretty much sums up what Shinryou said but in a simple way. And all my accounts are safe, none of it is leaked.
37709 cr points
Send Message: Send PM GB Post
45 / Seattle
Offline
Posted 2/1/16
Quite true. I know I feel much safer knowing that Crunchyroll's systems are so secure and error-free that they don't even need to check any more to be certain. It's absolutely the sole responsibility of every one of the people whose accounts have been compromised, every person who says they canceled but then got charged the next month, every person who gets charged for an account they thought didn't go through (i.e. double charges), every person who has stuttering/lag/freezing, every person who never gets a response to their customer service tickets... we could go on for quite a while longer, but I think the point is clear. Crunchyroll has never had any problems with any of their systems working less than perfectly - so they don't need to give a crap about something that's not their problem, or even pretend they do. It's all those other easily-hacked sites, stupid users, and big fat liars* who have the problems - after all, they must have done something to deserve it.

* - I mean, what else could they be? They contradicted Crunchyroll's official version.
You must be logged in to post.