Post Reply Many premium accounts breached
36019 cr points
Send Message: Send PM GB Post
F / Omaha, NE
Offline
Posted 3/2/18 , edited 3/3/18
In December 2017, someone posted a paste full of premium Crunchyroll email addresses and passwords.

My account was breached too.

I notified CR of this two days ago and they have refused to take action. They have told me to change my password but I demanded they notify the affected users.

Please change your password and consider deleting your account.
Der Zoodirektor
27069 cr points
Send Message: Send PM GB Post
36 / M / Germany
Offline
Posted 3/3/18 , edited 3/3/18

sonyaegarza wrote:

In December 2017, someone posted a paste full of premium Crunchyroll email addresses and passwords.

My account was breached too.

I notified CR of this two days ago and they have refused to take action. They have told me to change my password but I demanded they notify the affected users.

Please change your password and consider deleting your account.


The correct approach is not using the same password across multiple services. Your password was likely stolen in the breach of another website and then checked against our login page. Run your email address through a service like haveibeenpwned.com to figure out where it was actually stolen and what other sites you use may be at risk.

December 2017 means that the data is actually fairly old. We don't go around mass-resetting passwords with old data. That'd do more bad than good for us and the affected users.
80108 cr points
Send Message: Send PM GB Post
33 / M
Offline
Posted 3/6/18 , edited 3/6/18
Various people appear to be loging in to my account. Login details arent really shared with any other websites. It appears likely accounts were compromised somehow on here.
55497 cr points
Send Message: Send PM GB Post
62 / M / Earth
Offline
Posted 3/6/18 , edited 3/6/18

lizardmech wrote:

Various people appear to be loging in to my account. Login details arent really shared with any other websites. It appears likely accounts were compromised somehow on here.


https://haveibeenpwned.com/Pastes
56 cr points
Send Message: Send PM GB Post
15
Offline
Posted 3/6/18 , edited 3/6/18
Thank you for notifying me of the allegedly correct information, i suspect no ludicrous activity on my account though.
15194 cr points
Send Message: Send PM GB Post
☆Land of sweets☆
Offline
Posted 3/6/18 , edited 3/7/18
"2-factor authentication? who needs that lol."
- Crunchyroll
5013 cr points
Send Message: Send PM GB Post
37 / M
Offline
Posted 3/12/18 , edited 3/13/18
I’m encountering this issue after a password reset and after removing devices from my account. Is this just logged into someone’s browser somewhere or something then? Is there a way to get my account reset to knock them out? Whoever it is is ballsy enough to add their own videos to my queue even.
13070 cr points
Send Message: Send PM GB Post
23 / M / Kentucky
Offline
Posted 3/12/18 , edited 3/13/18
someone deleted my whole queue :'(

reset my password to something stronger and deleted all devices off of my account, hopefully that will be enough.
5013 cr points
Send Message: Send PM GB Post
37 / M
Offline
Posted 3/12/18 , edited 3/13/18
Good luck. I did the same last night. My guy is watching Blend S ep 12 right now.
5013 cr points
Send Message: Send PM GB Post
37 / M
Offline
Posted 3/13/18 , edited 3/13/18
Same canned response from the same “Tobias” as before. Somehow I doubt this is getting looked at. Probably going to quit my premium if this is the service I get tbh.
27 cr points
Send Message: Send PM GB Post
33 / M
Offline
Posted 8/30/18 , edited 8/30/18

shinryou wrote:


sonyaegarza wrote:

In December 2017, someone posted a paste full of premium Crunchyroll email addresses and passwords.

My account was breached too.

I notified CR of this two days ago and they have refused to take action. They have told me to change my password but I demanded they notify the affected users.

Please change your password and consider deleting your account.


The correct approach is not using the same password across multiple services. Your password was likely stolen in the breach of another website and then checked against our login page. Run your email address through a service like haveibeenpwned.com to figure out where it was actually stolen and what other sites you use may be at risk.

December 2017 means that the data is actually fairly old. We don't go around mass-resetting passwords with old data. That'd do more bad than good for us and the affected users.


Shame on you. I suspected there had been a breach because that is the ONLY way my account could have been compromised. I have been doing some research on the web to this point and it appears there WAS a breach.

Now I am not sure if you are aware of this, but being a company with it's headquarters in California (the first state to set laws regarding notifying people affected by a breach) I would have thought this would have been common place. I mean hell you conform to the GDPR which is even more strict with how these have to be handled.

Since no one at this site seems to have done the homework, I will take the time to educate you. In the event of a breach or any time of compromise of user information you are required to A) Inform them of the breach within 45 days of the incident. Take steps to remedy injuries caused by the breach. C) (For California)General Breach Notification Statute: Any person who notifies more than 500 as a result of a single breach must complete and submit the Attorney General’s Data Security Breach form, and attach a single sample copy of the notification letter sent to affected California residents.

Penalties change by the state of the victims... but on average it is a $5,000 fine per day, per person after the 45 day period. So if this happened in Dec 2017 that is about $1,125,000 per user (after 45 day grace period). I have filed an official complaint with the FTC. I am more than willing to pay the fee to make them do a full investigation in to my claim. Honestly, this is worse than I initially thought and goes to show just how little crunchroll actually cares about the people who pay for their service.
27 cr points
Send Message: Send PM GB Post
33 / M
Offline
Posted 8/30/18 , edited 8/30/18
A little more digging shows that they are using MD5 for passwords. This just keeps getting worse and worse. MD5 can be cracked pretty quickly these days and passwords pulled from it.

Just think. If they hadn't fed me some crazy lie about my account and accused me of being a liar... well then no one would be here to push this issue.

If you are a member and reading this you should probably start looking for a better alternative. Your personal information is not safe here and if the FTC investigation finds what I think they will... then chances are this site will be filing bankruptcy very shortly after.
89 cr points
Send Message: Send PM GB Post
Offline
Posted 9/17/18 , edited 9/17/18

shinryou wrote:


sonyaegarza wrote:

In December 2017, someone posted a paste full of premium Crunchyroll email addresses and passwords.

My account was breached too.

I notified CR of this two days ago and they have refused to take action. They have told me to change my password but I demanded they notify the affected users.

Please change your password and consider deleting your account.


The correct approach is not using the same password across multiple services. Your password was likely stolen in the breach of another website and then checked against our login page. Run your email address through a service like haveibeenpwned.com to figure out where it was actually stolen and what other sites you use may be at risk.

December 2017 means that the data is actually fairly old. We don't go around mass-resetting passwords with old data. That'd do more bad than good for us and the affected users.




Due to the fact is did happen, and you guys cannot allow people to remove their credit info and won't do it for us when we ask you guys... That is a PCI compliance violation. I don't want my info on here due to the fact that can happen, I want to protect my info and to do this I would like more options than "change your password"... I would like to remove all my billing info. Please remove this for me. Thank you.
89 cr points
Send Message: Send PM GB Post
Offline
Posted 9/17/18 , edited 9/17/18

namealreadytaken wrote:

"2-factor authentication? who needs that lol."
- Crunchyroll




people who want to be legally allowed to process credit cards, it's 2018 it's required when personal info is indefinitely saved to your account.

They claim they are PCI Compliant....
Der Zoodirektor
27069 cr points
Send Message: Send PM GB Post
36 / M / Germany
Offline
Posted 9/18/18 , edited 9/18/18

crunchyrollscams wrote:


namealreadytaken wrote:

"2-factor authentication? who needs that lol."
- Crunchyroll




people who want to be legally allowed to process credit cards, it's 2018 it's required when personal info is indefinitely saved to your account.

They claim they are PCI Compliant....


You had a pending unpaid charge on your account. You basically still owed us money, which prevented the cancellation. I have taken the pending charge off now and terminated your membership. You can now remove your card.
You must be logged in to post.