
NEWS: Crunchyroll Confirms Some Login Credentials Were Posted on Social Media; States There is 'No E




Note: this is the discussion thread for this article

pikabot



Joined: 19 Nov 2014
Posts: 176
Posted: Fri Jan 24, 2025 10:26 pm
Plaintext credentials on Twitter is not generally how data breaches come to light; generally speaking what you see is someone trying to sell an archive of encrypted data they’d exfiltrated. And if Crunchyroll was actually storing credentials in plain text, it would be a massive security fuckup that you need to actively go out of your way to do in this day and age. Stranger things have happened but so far evidence suggests that this is a list of people who got phished rather than a data breach.
Kougeru



Joined: 13 May 2008
Posts: 5612
Posted: Fri Jan 24, 2025 11:13 pm
pikabot wrote:
Plaintext credentials on Twitter is not generally how data breaches come to light; generally speaking what you see is someone trying to sell an archive of encrypted data they’d exfiltrated. And if Crunchyroll was actually storing credentials in plain text, it would be a massive security fuckup that you need to actively go out of your way to do in this day and age. Stranger things have happened but so far evidence suggests that this is a list of people who got phished rather than a data breach.


99% of "hacks" reported on social media are just from people getting phished so this is likely
mdo7



Joined: 23 May 2007
Posts: 6720
Location: Katy, Texas, USA
Posted: Sat Jan 25, 2025 1:39 am
Kougeru wrote:
99% of "hacks" reported on social media are just from people getting phished so this is likely


Luckily, I'm not one of the victims although I will admit I had my cases of suspicious users trying to befriend and talk to me on Instagram, but because I was too smart to tell these phishing accounts/profiles couldn't answer any of my basic questions, I blocked them.
sharkticon



Joined: 19 Jul 2011
Posts: 34
Posted: Sat Jan 25, 2025 1:46 am
Gonna post here what I posted a few other places.

Most of the creds, according to haveibeenpwned, are from 2025 stealer malware logs. The poster seems to be a general grifter, with the follow-up links being affiliate links to get-rich-quick schemes. He also tells a few people in the comments who claimed the creds were theirs "this is what happens when you don't pay."

This appears to have been a scammer and grifter who got way more attention than he expected. None of the evidence points to it coming from Crunchyroll.
RupanSansei



Joined: 20 Sep 2024
Posts: 168
Posted: Sat Jan 25, 2025 1:57 am
glad i never subbed to crunchyroll as they always seemed sketchy as all hell especially considering they used to be a pirate site. i literally got a permaban on their reddit from the mods due to sharing the old piracy era logo
NieR



Joined: 29 Apr 2012
Posts: 223
Posted: Sat Jan 25, 2025 6:03 am
Dang. I have a free 30-day Premium trial I won in a Twitter giveaway [alongside Nintendo Switch digital game code for Samurai Jack: Battle Through Time] back in 2020, and if the trial requires that I enter in my bank card information to use it, I think I may have to let the trial code expire in August...

The Samurai Jack game was an awesome gaming experience and I'm glad I have it both digitally and physically in my video game collection.
Ataru



Joined: 04 Jan 2002
Posts: 2332
Location: Missouri (Strikeman)
Posted: Sat Jan 25, 2025 7:45 am
Change your password, even if you don't think you are on that list. Use a password manager, like KeePass or Bitwarden, and make sure it's random so there is little chance it will be shared with another site.

I'm amazed there is no 2FA on Crunchyroll or the store. That's pretty basic security these days.
NickCMedia



Joined: 23 Nov 2023
Posts: 16
Posted: Sat Jan 25, 2025 8:18 am
Regardless, I changed my password. I think we should all change our passwords at least once every six months, just in case.
Farhanawesome



Joined: 31 Dec 2020
Posts: 247
Posted: Sat Jan 25, 2025 8:56 am
RupanSansei wrote:
glad i never subbed to crunchyroll as they always seemed sketchy as all hell especially considering they used to be a pirate site. i literally got a permaban on their reddit from the mods due to sharing the old piracy era logo


So are you saying that you want Crunchyroll to be bankrupt or something?
XSp



Joined: 23 May 2014
Posts: 284
Posted: Sat Jan 25, 2025 9:49 am
Ataru wrote:
I'm amazed there is no 2FA on Crunchyroll or the store. That's pretty basic security these days.


Agreed. Though just to give a shout out... I think they might have a pretty limited version of it if you include your cellphone number on your settings. It's SMS or Messaging based only, which is the worst type of 2FA basically, but it's... something.
They need to start using at least TOTP though.
Top Gun



Joined: 28 Sep 2007
Posts: 4860
Posted: Sat Jan 25, 2025 10:42 am
NickCMedia wrote:
Regardless, I changed my password. I think we should all change our passwords at least once every six months, just in case.

No offense, but no one has time to do that.
mdo7



Joined: 23 May 2007
Posts: 6720
Location: Katy, Texas, USA
Posted: Sat Jan 25, 2025 10:46 am
Ataru wrote:
I'm amazed there is no 2FA on Crunchyroll or the store. That's pretty basic security these days.


XSp wrote:
Agreed. Though just to give a shout out... I think they might have a pretty limited version of it if you include your cellphone number on your settings. It's SMS or Messaging based only, which is the worst type of 2FA basically, but it's... something.
They need to start using at least TOTP though.


Yeah, I'm kind of surprised that Crunchyroll has not created or implemented a 2/multi-factor authentication like most websites would have (even MyAnimeList/MAL has 2FA). So I'm not sure why they didn't implement that given that CR users are using credit cards to pay their streaming subscription. That's really baffling.
el_morris



Joined: 09 May 2018
Posts: 293
Location: Tijuana, México
Posted: Sat Jan 25, 2025 12:26 pm
I changed my password about two months ago (something I do regularly) but changed it anyways regardless if my data was compromised or not.
Quote:
several streaming services

Like which ones? I haven't seen news on leaks of other services recently.
chronos02



Joined: 25 Feb 2009
Posts: 273
Posted: Sat Jan 25, 2025 3:33 pm
pikabot wrote:
Plaintext credentials on Twitter is not generally how data breaches come to light; generally speaking what you see is someone trying to sell an archive of encrypted data they’d exfiltrated. And if Crunchyroll was actually storing credentials in plain text, it would be a massive security fuckup that you need to actively go out of your way to do in this day and age. Stranger things have happened but so far evidence suggests that this is a list of people who got phished rather than a data breach.


This does appear to be the most likely case, and CR has provided a pretty sound reply about what the users should do, which is honestly quite rare, especially the "diversify" part. However, changing passwords regularly is not a good idea, as pointed out in many security articles. Regular password changes can, in fact, make your account less secure, and increase the risk of account loss under some circumstances, so it's not recommended to change passwords regularly, and only to do so when the circumstances make it necessary, such as when there are suspicions of a security breach, such as this case.
What is very recommended, perhaps absolutely necessary, is to use completely different passwords for every account from the same and different services, otherwise, 1 security breach will compromise all or many of your other accounts. In order to accomplish this, however, you will need a password manager (unless you have godly memory). I personally have no recommendations, but after using a few and getting backstabbed by these services, I simply went with Google's password manager, as well as a local manager, which is a hassle, hence Google's one as well (but this is also bad, since if the Google account gets compromised, everything gets compromised, so I do not recommend this... it's a single point of failure after all).
What CR did not do, however, is ask its users to change passwords given the suspicion of a data breach, which is not great, they could at least have recommended they do this even if they are confident no data was leaked, more so when they encourage "regular" password changes (even if that, as said, is not a great idea).

Still, I highly encourage people to check actual studies on the best practices to keep your account(s) secure, what I said might not even apply anymore due to the constant changes and evolution of IT, and as a simple user, what I said should obviously be taken with a grain of salt.

Happy watching I guess.
Mamo-chan



Joined: 09 Jun 2003
Posts: 79
Posted: Sat Jan 25, 2025 9:31 pm
I always change my password every year or so. I should increase that to every 6 months.
All times are GMT - 5 Hours