Post Reply CRUNCHYROLL MODS/EMPLOYEES, NOTIFICATION OF SECURITY BREACH
4037 cr points
Send Message: Send PM GB Post
19 / M / Underworld
Offline
Posted 2/3/17 , edited 2/3/17
Yes this is my second thread after finding my account compromised, but this one has a completely different purpose.

The purpose is to let anyone who works at crunchyroll know that there has been a breach regarding the username and passwords of users. I cannot tell if all of these are premium, but as I am I can confirm that at lease some are.

I will now post a link to all the compromised accounts.
CR, can you please revert the emails and passwords of these accounts and/or notify their owners? It really sucks to go through this, and If I can help the others affected by then then I would be glad too.

The Link: [has been removed by a mod, explained in reply]


The original page has already been torn down, but as my info is pasted on it I was able to find it.

My suggestion would be an implementation of two step verification to a phone regarding changes in sensitive information. Also, a verification email wouldn't hurt.

Good Luck to all affected.
Dragon
65200 cr points
Send Message: Send PM GB Post
Offline
Posted 2/3/17

ReduxPulse wrote:

Yes this is my second thread after finding my account compromised, but this one has a completely different purpose.

The purpose is to let anyone who works at crunchyroll know that there has been a breach regarding the username and passwords of users. I cannot tell if all of these are premium, but as I am I can confirm that at lease some are.

I will now post a link to all the compromised accounts.
CR, can you please revert the emails and passwords of these accounts and/or notify their owners? It really sucks to go through this, and If I can help the others affected by then then I would be glad too.

The Link: [has been removed by a mod, explained in reply]


The original page has already been torn down, but as my info is pasted on it I was able to find it.

My suggestion would be an implementation of two step verification to a phone regarding changes in sensitive information. Also, a verification email wouldn't hurt.

Good Luck to all affected.


Hi,

I'm the mod who removed your link. Unfortunately, it looks like it does include valid login information, so that kind of thing is really dangerous to have posted here. Please contact support with it, or hopefully a support staff member will see your thread here and address it.

If you could modify the list to just have usernames theoretically impacted, that'd probably be helpful as well. I'll also be contacting support with that link of the full login info so they can jump on it.

Unfortunately, we mods can't really do much more than users can in cases like this. If anyone sees their account compromised, contacting support via /contact or [email protected] is the best approach, and if you report your own account as compromised, we can also ban you until that's resolved so that it doesn't look like you're posting awful things.
4037 cr points
Send Message: Send PM GB Post
19 / M / Underworld
Offline
Posted 2/3/17 , edited 2/3/17
As long as you have brought it forward to support, then that's all that matters. And yes, unfortunately my account was the first on that list and was hijacked a few days ago. I have already contacted support and am awaiting a reply.
4379 cr points
Send Message: Send PM GB Post
17 / F
Offline
Posted 2/3/17
That is quite concerning. Is it possible information could had been breached or taken when CR had the weird attack thing that caused http error 500? my knowledge when it comes to these things is quite low so I don't think I'm correct however I wanted to ask if it was possible.
Der Zoodirektor
26165 cr points
Send Message: Send PM GB Post
35 / M / Germany
Online
Posted 2/3/17 , edited 2/3/17

LunaTakimoto wrote:

That is quite concerning. Is it possible information could had been breached or taken when CR had the weird attack thing that caused http error 500? my knowledge when it comes to these things is quite low so I don't think I'm correct however I wanted to ask if it was possible.


His password was stolen on another website and then used on Crunchyroll.

It's just another case of weak password management. Don't ever recycle passwords across multiple services.
4379 cr points
Send Message: Send PM GB Post
17 / F
Offline
Posted 2/3/17

shinryou wrote:


LunaTakimoto wrote:

That is quite concerning. Is it possible information could had been breached or taken when CR had the weird attack thing that caused http error 500? my knowledge when it comes to these things is quite low so I don't think I'm correct however I wanted to ask if it was possible.


His password was stolen on another website and then used on Crunchyroll.

It's just another case of weak password management. Don't ever recycle passwords across multiple services.


Ahhh okay.

Good to know as I know then I'll be fine.
999 cr points
Send Message: Send PM GB Post
17 / M / Columbus, OH
Offline
Posted 2/3/17

ReduxPulse wrote:

Yes this is my second thread after finding my account compromised, but this one has a completely different purpose.

The purpose is to let anyone who works at crunchyroll know that there has been a breach regarding the username and passwords of users. I cannot tell if all of these are premium, but as I am I can confirm that at lease some are.

I will now post a link to all the compromised accounts.
CR, can you please revert the emails and passwords of these accounts and/or notify their owners? It really sucks to go through this, and If I can help the others affected by then then I would be glad too.

The Link: [has been removed by a mod, explained in reply]


The original page has already been torn down, but as my info is pasted on it I was able to find it.

My suggestion would be an implementation of two step verification to a phone regarding changes in sensitive information. Also, a verification email wouldn't hurt.

Good Luck to all affected.


Thank you for bring this up I sometimes use the same passwords for different anime sites need to change my passwords now.










4037 cr points
Send Message: Send PM GB Post
19 / M / Underworld
Offline
Posted 2/3/17
Yes Shinryou is correct, it was an old password that I had neglected to update. No fault of Crunchyroll at all.
Although, I still think a confirmation email would would work wonders, at least when it comes to changing sensitive information like email and/or passwords.

You must be logged in to post.