A Japanese teenager has been arrested after police said he used ChatGPT to help create a malicious program that canceled more than 46,000 anime streaming accounts.
Risk escalated after Bandai Namco Filmworks said up to 1.36 million items of personal information, including email addresses, may have been breached. Tokyo Metropolitan Police said the boy admitted the allegation and told investigators he had no grudge against the company.
Anime fans in Japan use paid accounts to access franchises, receive service notices, request refunds, manage email records, and see viewing history.
Anime accounts became a cyber target
Fraudulent commands sent to company servers removed users from the paid service without their consent. Bandai Channel, known for titles such as Mobile Suit Gundam, is operated by a subsidiary of Bandai Namco Holdings, Japan’s largest toymaker.
The authorities arrested the 15-year-old Tokorozawa student on suspicion of obstructing business. After the company blocked his access, he changed his IP address about 30 times and continued making unauthorized cancellations.
Members received refunds, and customers were warned to watch for suspicious emails. Account confusion can give scammers an opening through fake refund or recovery messages.
ChatGPT helped scale the attack
Investigators described a self-taught student who found a vulnerability by analyzing data traffic. According to NHK, he made self-developed software more sophisticated with generative AI.
The teen claimed he had created source code for the withdrawal process, then used ChatGPT after the process became time-consuming.
“I started using computers when I was in the fourth grade and taught myself everything I know,” he reportedly told investigators.
Technical knowledge still came first. The chatbot’s role raises a more immediate concern because AI tools can help users refine code and automate harmful activities more quickly.
Fan accounts can open the door to wider scams
Japanese anime fans and parents managing children’s entertainment accounts face a risk that extends beyond a single canceled subscription. One reused email address can link a streaming profile to a game store or fan club account. Scammers can use that connection to send fake account notices after a disruption.
Refund messages may be the most believable lure. Someone who knows a platform that went offline may trust a note asking them to restore access. A fake payment check or password reset can look routine during a real service problem.
Account holders should open the official app or website before acting on any refund notice. Reused passwords should be changed first on accounts linked to the same email address.
Parents should check children’s streaming and gaming accounts for unfamiliar alerts. Entertainment accounts may look harmless, but they can still give criminals a path into family email records and payment activity.
Also read: Japan’s 10-million-robot goal turns automation into a national-scale answer to its shrinking workforce.


