Hackers have claimed to have breached the account of a senior executive at Viz Media, the largest anime and manga publisher in the United States, and exfiltrated over 250 GB of sensitive corporate data. The alleged attack, announced on an underground data leak forum, reportedly targeted a vice president’s Google Drive, granting broad access to internal systems and confidential information.
Allegations of Extensive Data Theft
According to reports from cybersecurity news outlets that investigated the hackers’ forum post, the stolen data allegedly includes a vast array of confidential information. This encompasses corporate emails, non-disclosure agreements (NDAs), licensing agreements, future business plans, employee credentials, and even employee Social Security numbers. The attackers reportedly shared a sample of the data to prove their claims and are attempting to sell the full package for a five-figure sum on dark web forums.
Compromised Systems and Privileged Access
The hackers assert they gained access to several critical Viz Media systems through the compromised vice president’s account. These allegedly include corporate Google Drive and Gmail accounts, Viz Media’s internal dashboards, and royalty management systems like Mediabox. Researchers at Cybernews suggested that the compromise likely stemmed from a social engineering attack that targeted a single, highly privileged account, which then provided extensive access to company systems.
Potential Implications for Viz Media and Partners
The alleged breach, if confirmed, carries significant risks for Viz Media, its employees, corporate customers, and partners. The stolen data could be leveraged for sophisticated phishing campaigns, fraud, and the leakage of confidential licensing data. The incident highlights a critical cybersecurity vulnerability where the compromise of even one privileged account can lead to widespread access across an entire organization’s network and data.
Viz Media, known for publishing popular titles such as Naruto, One-Punch Man, Demon Slayer, Death Note, and Sailor Moon, has yet to issue an official statement regarding the alleged data breach. The company is owned by Japan’s Shogakukan–Shueisha Productions. Cybersecurity experts emphasize the need for Viz Media to swiftly investigate and catalog the full extent of the compromised data.
