Hackers claim to have compromised a senior executive’s Google Drive account at Viz Media, the largest anime and manga publisher in the United States. The attackers say they stole more than 250 gigabytes of sensitive corporate data, including employee credentials, contracts, and licensing materials.
The breach was first disclosed on an underground data leak forum often used by initial access brokers, who specialize in selling unauthorized access to corporate networks. The post alleges that the threat actors infiltrated the account of Viz Media’s vice president, granting them broad access to internal company systems and data.
Corporate Data and Employee Credentials Exfiltrated
Samples shared by the attackers suggest that they accessed corporate Google Drive and Gmail accounts, internal company dashboards, and royalty management systems like Mediabox. The leaked information reportedly includes emails, NDAs, licensing agreements, employee Social Security numbers, and business plans.
Researchers at Cybernews, who analyzed the attackers’ forum post, believe the breach stemmed from the compromise of a single senior employee’s account—likely via a social engineering attack that bypassed authentication controls.
“It could’ve been that this person fell victim to a social engineering attack leading to unauthorized access to the company’s internal systems,” said the research team.
The researchers added that the stolen data could be leveraged to craft highly convincing phishing campaigns targeting Viz Media’s partners and vendors. Given the breadth of access obtained, the attackers could potentially pivot to other systems or accounts within the organization.
Attackers Attempt to Sell Stolen Data
The hackers are reportedly attempting to sell the stolen data and access for an undisclosed five-figure sum. Only a small portion of the stolen material has been publicly released to demonstrate authenticity.
If verified, this breach would mark one of the more significant cyber incidents to affect a major player in the global entertainment and publishing industry, demonstrating how targeting a single high-ranking executive can open access to critical systems and confidential data.
Background on Viz Media
Headquartered in San Francisco, Viz Media is owned by Shogakukan-Shueisha Productions and is the U.S. distributor of blockbuster anime and manga titles including Naruto, Demon Slayer, Death Note, and Sailor Moon. The company employs more than 300 staff and generates an estimated $40–100 million in annual revenue.
As of publication, Viz Media has not publicly commented on the alleged breach. Security analysts emphasize that rapid incident response and a comprehensive audit of accessed data are essential to prevent further compromise or reputational damage.
