15-Year-Old Arrested Over Bandai Channel Cyberattack Using a ChatGPT-Assisted Tool

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Spread the love

Japanese police have arrested a 15-year-old high school student from Tokorozawa City, Saitama Prefecture, on suspicion of fraudulent obstruction of business after he allegedly used a ChatGPT-assisted program to launch a sustained cyberattack against Bandai Channel, a popular anime and tokusatsu streaming service operated by Bandai Namco Filmworks.

Investigators say the teenager, who was still in his third year of junior high school as of last November 2025, gained unauthorized access to Bandai Channel’s backend servers and systematically canceled the registrations of 46,812 members, forcing mass account withdrawals.

The disruption was severe enough that Bandai Namco Filmworks was compelled to temporarily suspend all platform services, cutting off access to its entire user base while the company investigated the breach.

According to police, the suspect built a custom program using OpenAI’s ChatGPT to automate unauthorized access into member accounts and force account deletions at scale. This case highlights a growing trend: threat actors, including minors with self-taught skills, leveraging generative AI to lower the technical barrier for developing exploitation scripts.

The boy reportedly began learning programming independently around fourth grade and developed sufficient expertise to weaponize AI-assisted code generation for repeated, automated attacks against production systems, according to a Japanese news Website.

During the intrusions, the attacker also harvested member information, including email addresses and nicknames. Bandai Namco Filmworks has stated that, as of now, there is no confirmed evidence this data was leaked publicly or used for secondary fraud, though the exposure of PII in a breach of this scale remains a concern for affected users.

  • November 2025: Bandai Namco Filmworks suspends all Bandai Channel services after detecting unauthorized access and unintended removals of member accounts.
  • December 2025: Services resume following implementation of enhanced security measures.
  • Company statement: No confirmed public disclosure of personal data or secondary damage reported.
  • Ongoing: Bandai Namco Filmworks commits to strengthening its information security management framework to prevent recurrence.

In a statement to press inquiries, the company said: “We will strive to prevent recurrence by further strengthening our security management system, including information security management, so that our members can use our services with peace of mind.”

During questioning, the boy admitted to the charges and told investigators he “had no grudge against the victim companies,” suggesting the attack may have been motivated by technical curiosity or demonstration of capability rather than financial gain or targeted malice.

This incident underscores two escalating concerns in the threat landscape: the accessibility of generative AI tools for crafting exploitation scripts, and the vulnerability of streaming platforms to account-takeover-style attacks at scale.

Security teams should treat mass unauthorized account deletion or credential abuse as a serious business continuity risk, not just a data privacy issue, since it can force full-service outages even in the absence of confirmed data exfiltration.

Organizations running member-based platforms should audit authentication rate-limiting, monitor for anomalous bulk account actions, and consider behavioral detection for automated deletion requests, particularly as AI-assisted tooling continues to lower the skill threshold for such attacks.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.