Update 3 (5/11 8:20am): Crunchyroll have posted a blog post with full details of the hack. As we suspected, it was a domain hijack via their CloudFlare DNS account, and unconnected to their main infrastructure in any way. The post also includes details on what to do if you visited the site while it was compromised.
Update 2 (4:40pm): Crunchyroll is back online, and no longer offers or attempts to download malware when viewed. We’ll update again if/when Crunchyroll release any more information on the breach.
Update (1:00pm): We’ve clarified the details of the hack based on new info from Crunchyroll and the community.
Heads up: Please do not visit Crunchyroll’s main website today – it has been hacked and infected with a virus.
Currently, if you browse to any version of Crunchyroll on the web, the site will automatically try to download “CrunchyViewer.exe” and offer a “Try our new desktop application !” message. Both of these lead to malware – please do not open any files downloaded from Crunchyroll, and if you download one by mistake, immediately delete it and run a full virus scan on your computer. Attempting to run the app will open a modified version of Taiga, which will harvest information from your computer (including asking for MyAnimeList details), and send it to a Russian server. It also appears to be ransomware – it will attempt to encrypt your hard drive, and will demand a payment to restore it. If you have run the app, immediately close and delete it, back up your files, and use a different device to change all your passwords – they may have been compromised.
While Crunchyroll’s apps are apparently secure, they are currently non-functional as a result of the breach.
While concrete information regarding the breach has been thin on the ground so far, Crunchyroll’s German Twitter account has been tweeting in English to try to shed light on the situation. According to this tweet, it currently looks like the hackers have broken into the DNS servers powering Crunchyroll – in plain terms, this means that when you access crunchyroll.com, you’ll go to a server owned by the hackers, rather than Crunchyroll’s real servers. While it will take a full post-mortem from Crunchyroll to confirm, this suggests that user and payment data may be safe for now – but please remain vigilant until we have solid confirmation that this is the case.
If you haven’t already, please take the time to review your passwords – if your Crunchyroll account shares a password with any other account, or uses one that is in any way similar, change them immediately to fully unique passwords.
- Do not ever re-use passwords between sites, including variations. If you had a single password and an attacker got it, it would give them access to every identity and account you have online. Even changing parts of your password per site won’t stop a committed attacker, so passwords need to be entirely unique.
- To make the above practical, look into using a password manager such as LastPass (recommended), 1Password, KeePass, or (if you’re exclusively an Apple user) the built-in iCloud Keychain. Each of these allows you to generate a truly random password for every site you visit, and will automatically fill them in for you when visiting sites. Using a password manager makes your life much easier, and makes your accounts much more secure – and they’re generally cheap or free, and very easy to use.
- Be particularly paranoid about your e-mail account’s security – anyone who gets into your e-mail account can get access to your other accounts too. Use a strong password, and enable two-factor authentication if your provider allows it – most major e-mail providers do. Two-factor authentication can be a bit of a pain, but it’s well worth it for the extra security it provides.
- Consider plugging your e-mail into Have I Been Pwned to see if you’ve been affected by any of the innumerable data breaches over the last few years. If you have, change all your passwords now – perhaps it’s a good time to get a password manager?