A 15-year-old Japanese student has been arrested over a cyberattack that allegedly forced the cancellation of 46,812 Bandai Channel accounts, exposed member information and pushed the anime streaming service offline for more than six weeks. The disruption began on November 4, 2025, but the scale and alleged use of ChatGPT became public after Tokyo police announced the arrest in July 2026.
According to Jiji Press and Japanese broadcasters TBS and Fuji TV, the student used a custom program developed with help from ChatGPT to automate unauthorized subscription cancellations. Police allege that he sent false requests to servers operated by Bandai Namco Filmworks between 5 p.m. and 8:46 p.m. on November 4.
The incident is an unusually concrete example of generative AI lowering the effort required to turn a discovered vulnerability into a large-scale attack. Yet the more consequential finding is not that an AI chatbot produced code. It is that a customer-facing account function reportedly accepted enough unauthorized requests to remove tens of thousands of users before the operator could stop them.
Bandai Channel began seeing members removed from the service without their consent on November 4. Bandai Namco Filmworks initially described the problem as an account cancellation malfunction, but warned that unauthorized access and information exposure were possible.
The company suspended the entire service at 11:30 p.m. on November 6 as an emergency measure. Bandai Channel did not fully return until noon on December 19, after an outside security investigation and the deployment of additional safeguards.
That transformed an attack lasting less than four hours into an outage spanning roughly 43 days. Bandai subsequently offered refunds covering affected portions of November and December subscriptions, along with eligible individually purchased viewing periods.
Japanese police say the attacker did not stop when Bandai attempted to block his connection. He allegedly changed his IP address about 30 times and continued running the cancellation program, demonstrating why simple source-address blocking is weak protection against an automated attack.
The student, a first-year high school pupil from Tokorozawa in Saitama Prefecture, was reportedly in his third year of junior high school when the incident occurred. Investigators say he began using computers in elementary school and taught himself programming and other technical skills.
Police arrested him on June 13 on suspicion of violating Japan’s Unauthorized Computer Access Prohibition Act after he allegedly logged in to 15 accounts using credentials obtained without authorization. He was arrested again in early July on suspicion of fraudulent obstruction of business in connection with the mass cancellations.
The suspect has admitted the allegations, according to Japanese reporting, while telling investigators that he held no grudge against Bandai Namco Filmworks. Police say the company’s server and communication records helped identify him.
The available reporting does not establish that ChatGPT independently discovered Bandai Channel’s vulnerability or autonomously compromised the service. Investigators believe the student identified the weakness by monitoring and analyzing network communications between the platform and its users.
ChatGPT appears to have assisted with converting that knowledge into a working automation tool. That distinction matters: generative AI may reduce the experience, time and troubleshooting needed to write attack code, but the reported intrusion still required reconnaissance, access to account information and repeated efforts to evade Bandai’s response.
Calling the program “AI-generated malware” risks obscuring the underlying failure. The software allegedly automated requests against a vulnerable account-management process; the real security questions concern how those requests were authorized, why cancellation actions could be issued at such scale and why anomalous activity was not halted earlier.
For defenders, the incident shows how quickly a modest flaw can become an operational crisis once it is paired with automation. An attacker no longer needs to write every component from scratch or spend hours searching documentation and debugging syntax. A conversational coding assistant can help refine scripts, explain errors and adapt requests while an attack is underway.
That raises the baseline threat from inexperienced but persistent users. It does not remove the need for technical understanding, but it can make the distance between discovering a weakness and exploiting it across thousands of accounts considerably shorter.
Platforms should consequently assume that any reproducible account-management flaw will be automated. Sensitive operations such as subscription cancellation, password changes, payment modifications and account deletion need controls that remain effective even when an attacker can generate requests faster than a human operator can investigate them.
Rate limits alone are not enough if they are tied only to an IP address. Effective defenses can combine authenticated-session validation, reauthentication for destructive changes, behavioral detection, per-account and per-device limits, anti-automation controls and alerts for unusual spikes in account actions.
Most importantly, destructive operations should be reversible. A delayed cancellation, confirmation through a trusted channel or recoverable account state can prevent one compromised endpoint from immediately becoming a permanent customer-impact event.
The affected information could include email addresses, nicknames, Bandai Namco Coin balances and the payment method selected by a member. Bandai said login passwords, credit card numbers and other information directly usable for fraudulent payments were not included.
The company also said its investigation found no evidence that the exposed information had been published online or used in secondary attacks. It confirmed that the incident was not ransomware and reported its findings to Japan’s Personal Information Protection Commission.
Users should nevertheless remain cautious about phishing messages that reference Bandai Channel, account cancellations, refunds or Bandai Namco payments. An attacker does not need a password or complete card number to create a convincing message if an exposed email address can be combined with a recognizable service name and payment-method detail.
Messages claiming that an account must be restored, a refund must be accepted or billing information must be reconfirmed deserve particular scrutiny. Members should access Bandai services through their usual bookmark or application rather than following unsolicited login links.
Because passwords were not listed among the potentially exposed data, Bandai’s disclosure does not indicate a direct need for every user to reset unrelated credentials. Anyone who reused a Bandai password elsewhere, encountered suspicious login activity or entered credentials into a message received after the breach should still change those passwords and enable multifactor authentication wherever available.
The Bandai Channel incident was different in method and apparent motivation. It reportedly involved a lone teenager exploiting an application weakness rather than an organized ransomware group infiltrating corporate systems for extortion.
Its operational consequences were still substantial: tens of thousands of unauthorized cancellations, a prolonged shutdown, an outside investigation, customer notifications and a complicated refund process. The ability to cause that damage without sophisticated infrastructure should concern operators of subscription services more than the attacker’s age.
Generative AI is part of this story because it reportedly helped a young attacker finish and scale his code. But it is not an explanation for why the code worked against a production system.
The lasting test for Bandai Channel is whether the safeguards introduced before its December 19 restart address the authorization and recovery failures behind the cancellations. For other online services, the warning is already clear: once an account-management vulnerability becomes scriptable, mass exploitation can begin within minutes, regardless of whether the person behind the keyboard is an experienced criminal crew or a student with a chatbot.
According to Jiji Press and Japanese broadcasters TBS and Fuji TV, the student used a custom program developed with help from ChatGPT to automate unauthorized subscription cancellations. Police allege that he sent false requests to servers operated by Bandai Namco Filmworks between 5 p.m. and 8:46 p.m. on November 4.
The incident is an unusually concrete example of generative AI lowering the effort required to turn a discovered vulnerability into a large-scale attack. Yet the more consequential finding is not that an AI chatbot produced code. It is that a customer-facing account function reportedly accepted enough unauthorized requests to remove tens of thousands of users before the operator could stop them.
One Evening of Requests Became a Six-Week Outage
Bandai Channel began seeing members removed from the service without their consent on November 4. Bandai Namco Filmworks initially described the problem as an account cancellation malfunction, but warned that unauthorized access and information exposure were possible.The company suspended the entire service at 11:30 p.m. on November 6 as an emergency measure. Bandai Channel did not fully return until noon on December 19, after an outside security investigation and the deployment of additional safeguards.
That transformed an attack lasting less than four hours into an outage spanning roughly 43 days. Bandai subsequently offered refunds covering affected portions of November and December subscriptions, along with eligible individually purchased viewing periods.
Japanese police say the attacker did not stop when Bandai attempted to block his connection. He allegedly changed his IP address about 30 times and continued running the cancellation program, demonstrating why simple source-address blocking is weak protection against an automated attack.
The student, a first-year high school pupil from Tokorozawa in Saitama Prefecture, was reportedly in his third year of junior high school when the incident occurred. Investigators say he began using computers in elementary school and taught himself programming and other technical skills.
Police arrested him on June 13 on suspicion of violating Japan’s Unauthorized Computer Access Prohibition Act after he allegedly logged in to 15 accounts using credentials obtained without authorization. He was arrested again in early July on suspicion of fraudulent obstruction of business in connection with the mass cancellations.
The suspect has admitted the allegations, according to Japanese reporting, while telling investigators that he held no grudge against Bandai Namco Filmworks. Police say the company’s server and communication records helped identify him.
ChatGPT Accelerated the Attack, but Did Not Find the Open Door
The AI angle will inevitably dominate attention. TBS reported that the student told investigators he completed the program by asking ChatGPT for assistance, while Jiji Press said he used the chatbot when creating the unauthorized software.The available reporting does not establish that ChatGPT independently discovered Bandai Channel’s vulnerability or autonomously compromised the service. Investigators believe the student identified the weakness by monitoring and analyzing network communications between the platform and its users.
ChatGPT appears to have assisted with converting that knowledge into a working automation tool. That distinction matters: generative AI may reduce the experience, time and troubleshooting needed to write attack code, but the reported intrusion still required reconnaissance, access to account information and repeated efforts to evade Bandai’s response.
Calling the program “AI-generated malware” risks obscuring the underlying failure. The software allegedly automated requests against a vulnerable account-management process; the real security questions concern how those requests were authorized, why cancellation actions could be issued at such scale and why anomalous activity was not halted earlier.
For defenders, the incident shows how quickly a modest flaw can become an operational crisis once it is paired with automation. An attacker no longer needs to write every component from scratch or spend hours searching documentation and debugging syntax. A conversational coding assistant can help refine scripts, explain errors and adapt requests while an attack is underway.
That raises the baseline threat from inexperienced but persistent users. It does not remove the need for technical understanding, but it can make the distance between discovering a weakness and exploiting it across thousands of accounts considerably shorter.
Platforms should consequently assume that any reproducible account-management flaw will be automated. Sensitive operations such as subscription cancellation, password changes, payment modifications and account deletion need controls that remain effective even when an attacker can generate requests faster than a human operator can investigate them.
Rate limits alone are not enough if they are tied only to an IP address. Effective defenses can combine authenticated-session validation, reauthentication for destructive changes, behavioral detection, per-account and per-device limits, anti-automation controls and alerts for unusual spikes in account actions.
Most importantly, destructive operations should be reversible. A delayed cancellation, confirmation through a trusted channel or recoverable account state can prevent one compromised endpoint from immediately becoming a permanent customer-impact event.
The Privacy Exposure Was Far Larger Than 46,812 Accounts
The canceled subscriptions were the most visible symptom, but Bandai’s later investigation identified a potentially wider data incident. The company said up to 1.366 million pieces of member information may have been exposed.The affected information could include email addresses, nicknames, Bandai Namco Coin balances and the payment method selected by a member. Bandai said login passwords, credit card numbers and other information directly usable for fraudulent payments were not included.
The company also said its investigation found no evidence that the exposed information had been published online or used in secondary attacks. It confirmed that the incident was not ransomware and reported its findings to Japan’s Personal Information Protection Commission.
Users should nevertheless remain cautious about phishing messages that reference Bandai Channel, account cancellations, refunds or Bandai Namco payments. An attacker does not need a password or complete card number to create a convincing message if an exposed email address can be combined with a recognizable service name and payment-method detail.
Messages claiming that an account must be restored, a refund must be accepted or billing information must be reconfirmed deserve particular scrutiny. Members should access Bandai services through their usual bookmark or application rather than following unsolicited login links.
Because passwords were not listed among the potentially exposed data, Bandai’s disclosure does not indicate a direct need for every user to reset unrelated credentials. Anyone who reused a Bandai password elsewhere, encountered suspicious login activity or entered credentials into a message received after the breach should still change those passwords and enable multifactor authentication wherever available.
The Security Failure Outlasts the AI Headline
Bandai Namco has dealt with a major intrusion before. In July 2022, the company confirmed a ransomware attack affecting group operations in Asian markets outside Japan, with the ALPHV or BlackCat ransomware operation claiming responsibility.The Bandai Channel incident was different in method and apparent motivation. It reportedly involved a lone teenager exploiting an application weakness rather than an organized ransomware group infiltrating corporate systems for extortion.
Its operational consequences were still substantial: tens of thousands of unauthorized cancellations, a prolonged shutdown, an outside investigation, customer notifications and a complicated refund process. The ability to cause that damage without sophisticated infrastructure should concern operators of subscription services more than the attacker’s age.
Generative AI is part of this story because it reportedly helped a young attacker finish and scale his code. But it is not an explanation for why the code worked against a production system.
The lasting test for Bandai Channel is whether the safeguards introduced before its December 19 restart address the authorization and recovery failures behind the cancellations. For other online services, the warning is already clear: once an account-management vulnerability becomes scriptable, mass exploitation can begin within minutes, regardless of whether the person behind the keyboard is an experienced criminal crew or a student with a chatbot.
References
- Primary source: Comic Book Resources
Published: 2026-07-12T03:30:12+00:00
46,000 Anime Streaming Accounts Suddenly Canceled in Major Bandai Incident
Police have arrested a 15-year-old on suspicion of carrying out the cyberattack.
www.cbr.com