HomeNewsBreachesAbout
Account
163.com-2015

NetEase Breach

Oct 19, 2015

259,802,695 rows

Added on Dec 1, 2024

Search the Leak

Email

What happened in the NetEase Breach?

DataBreach.com Team · November 30th 2024, 7:00 pm EST

​In October 2015, NetEase, a major Chinese internet company known for its email services at 163.com and 126.com, was reported to have suffered a significant data breach. The breach allegedly exposed the email addresses and plaintext passwords of approximately 234 million users. This data later surfaced on dark web marketplaces, where it was offered for sale by cybercriminals.

Despite the widespread circulation of the compromised data, NetEase has consistently denied any breach of its systems. The company maintains that its infrastructure remained secure and that no unauthorized access occurred. However, cybersecurity experts and platforms like Have I Been Pwned (HIBP) have noted that multiple individuals confirmed the authenticity of their credentials within the leaked dataset. Due to the challenges in conclusively verifying breaches involving Chinese companies, HIBP has labeled this incident as "unverified" but acknowledges the legitimacy of the data itself.

The breach's impact was significant, given the vast number of users affected and the sensitivity of the exposed information. Plaintext passwords, in particular, pose a severe security risk, as they can be easily exploited by malicious actors. The incident underscored the importance of robust cybersecurity measures and the need for companies to promptly address and disclose data breaches to protect their users.​

NetEase's response, or lack thereof, drew criticism from the cybersecurity community. The company's refusal to acknowledge the breach and its limited communication with users left many without guidance on how to protect themselves. This situation highlighted the challenges in holding companies accountable for data security, especially when operating across different legal and regulatory environments.

For media inquiries, contact us at contact@databreach.com